Previous Topic: UsersNext Topic: Security Policies and Users


Types of Users

CA ControlMinder supports the following types of users, that are used for managing resources in the CA ControlMinder database:

Regular users

Your organization's in‑house end users—the people who carry out the business of your organization. You can limit regular users' access to the system with both the native OS and CA ControlMinder.

Users with special privileges (sub administrators)

Regular users who have been given the ability to perform one or more specific administrative tasks. When regular users are given the ability to carry out specific administrative functions, the workload of the administrator is lessened. In CA ControlMinder, this is called task delegation.

Administrators

Users who have the highest authority within the native OS and CA ControlMinder. Administrators can add, delete, and update users and can perform almost all administrative tasks. With CA ControlMinder, you are able to limit the abilities of the native superuser. You can allocate administration tasks to specific users whose accounts are not automatically known. This means that it is not immediately clear to an intruder which user performs administrative tasks.

Group administrators

Users who can perform most administrative functions, such as adding, deleting, and updating users, within one particular group. This type of user, with its particular, limited authority, is not found in native Windows.

Password managers

Users who have the authority to change the password of other users. A password manager cannot change other user attributes. This type of user is not found in the native OS.

Group password managers

Users who have the authority to change the password of other users in one particular group. A group password manager cannot change other user attributes for users within the group. This type of user is not found in the native OS.

Auditors

Users who have the authority to read audit logs. They also determine the kind of auditing done on each login and each attempt to access a resource. This type of user is not found in the native OS.

Group auditors

Users who can read audit logs relevant to their group. They also have the authority to determine the kind of auditing done within a particular group. This type of user is not found in the native OS.

Operators

Users who can display (read) all the information in the database, shut down CA ControlMinder, and use the secons utility to perform tasks such as manage CA ControlMinder tracing and display run-time statistics. This type of user is not found in the native OS.

Note: For more information about the secons utility, see the Reference Guide.

Group operators

Users who can display all the information in the database for the group in which they are defined. This type of user is not found in the native OS.

Server

A special type of user that is really a process, which can ask for authorization for other users.

More information:

secons Utility