Previous Topic: How to Grant Specific Administrative Privileges to Regular UsersNext Topic: Environmental Considerations


The ADMIN Class

Sub administrators—users listed in the access control list (ACL) of records in the class ADMIN—have privileges similar to users with the ADMIN attribute. However, the privileges of users in the ACL for records in the class ADMIN are limited to the particular class represented by the record. For example, the SURROGATE record in the ADMIN class determines which users can administer records of the SURROGATE class.

Note: For more information about CA ControlMinder classes, see the Reference Guide.

A user in the ACL for a particular record in class ADMIN can execute the following commands:

Access

Description

Commands

Read

Show the properties of the record in the class.

showusr, showgrp, showres, showfile, find

Create

Create new database records in the class.

newusr, newgrp, newres, newfile

Modify

Change properties in the class.

chusr, chgrp, chres, chfile

Delete

Remove existing class records from the database.

rmusr, rmgrp, rmres, rmfile

Connect

Add users to and remove users from groups. This access is valid only in the ACL of the GROUP record.

join, join‑

Password

Control the password of all users within the database, and their password attributes. This access grants the same authority as the access permitted a user with the PWMANAGER attribute. This is valid only in the ACL for record USER.

chusr

Users with ADMIN class privileges have the following limitations:

These limitations are part of the B1 security level certification.

More information:

B1 Security Level Certification