Sub administrators—users listed in the access control list (ACL) of records in the class ADMIN—have privileges similar to users with the ADMIN attribute. However, the privileges of users in the ACL for records in the class ADMIN are limited to the particular class represented by the record. For example, the SURROGATE record in the ADMIN class determines which users can administer records of the SURROGATE class.
Note: For more information about CA ControlMinder classes, see the Reference Guide.
A user in the ACL for a particular record in class ADMIN can execute the following commands:
Access |
Description |
Commands |
---|---|---|
Read |
Show the properties of the record in the class. |
showusr, showgrp, showres, showfile, find |
Create |
Create new database records in the class. |
newusr, newgrp, newres, newfile |
Modify |
Change properties in the class. |
chusr, chgrp, chres, chfile |
Delete |
Remove existing class records from the database. |
rmusr, rmgrp, rmres, rmfile |
Connect |
Add users to and remove users from groups. This access is valid only in the ACL of the GROUP record. |
join, join‑ |
Password |
Control the password of all users within the database, and their password attributes. This access grants the same authority as the access permitted a user with the PWMANAGER attribute. This is valid only in the ACL for record USER. |
chusr |
Users with ADMIN class privileges have the following limitations:
These limitations are part of the B1 security level certification.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|