Endpoint Administration Guide for Windows › Scope of Administration Authority › Global Authorization Attributes › ADMIN Attribute
ADMIN Attribute
The ADMIN attribute lets a user execute almost all commands in CA ControlMinder. Users who are defined in the database with the ADMIN attribute can define and update users, groups, and resources in the database. This is the most powerful attribute in CA ControlMinder, but it does have limitations:
- If only one user in the database has the ADMIN attribute, that user cannot be deleted, and the ADMIN attribute cannot be removed from the record.
- Users with the ADMIN attribute but without the AUDITOR attribute cannot change the type of auditing that is done on a user, group, or resource (audit mode). If you have the ADMIN attribute and need to change the auditing characteristics of a user, group, or resource, assign yourself the AUDITOR attribute.
- Users with the ADMIN attribute cannot delete superuser (the root account on UNIX or the Administrator account on Windows), but they can set root to be a non‑ADMIN user.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|