Previous Topic: Group Authorization AttributesNext Topic: GROUP-AUDITOR Attribute


GROUP-ADMIN Attribute

Users with a group administration authorization attribute can create a certain set of records. In order to create a record, the group administrator has to specify the owner of the record.

The owner of the records must be the group in which the user has a group authorization attribute. If that group is the parent of other groups, the owner can also be from one of the sub groups. The whole set of records is called the group scope. The authorization examples provided illustrate the concept of group scope.

Users with the GROUP‑ADMIN attribute have the following access authority for the records within their group scope:

Access

Description

Commands

Read

Show the properties of the record.

showusr, showgrp, showres, showfile

Create

Create new records in the database. You must specify the owner.

newusr, newgrp, newres, newfile

Modify

Change the properties of the record.

chusr, chgrp, chres, chfile

Delete

Remove records from the database.

rmusr, rmgrp, rmres, rmfile

Connect

Join a user to a group or separate a user from a group.

join, join‑

The GROUP‑ADMIN attribute also has limits:

More information:

Authorization Examples