Users with a group administration authorization attribute can create a certain set of records. In order to create a record, the group administrator has to specify the owner of the record.
The owner of the records must be the group in which the user has a group authorization attribute. If that group is the parent of other groups, the owner can also be from one of the sub groups. The whole set of records is called the group scope. The authorization examples provided illustrate the concept of group scope.
Users with the GROUP‑ADMIN attribute have the following access authority for the records within their group scope:
Access |
Description |
Commands |
---|---|---|
Read |
Show the properties of the record. |
showusr, showgrp, showres, showfile |
Create |
Create new records in the database. You must specify the owner. |
newusr, newgrp, newres, newfile |
Modify |
Change the properties of the record. |
chusr, chgrp, chres, chfile |
Delete |
Remove records from the database. |
rmusr, rmgrp, rmres, rmfile |
Connect |
Join a user to a group or separate a user from a group. |
join, join‑ |
The GROUP‑ADMIN attribute also has limits:
Copyright © 2013 CA Technologies.
All rights reserved.
|
|