Configuration Guide › LDAP User Store Management › How to Configure Groups › Add Support for Groups as Administrators of Groups

Add Support for Groups as Administrators of Groups

If you are managing an LDAP user store, you can enable groups to serve as administrators of other groups. When you assign a group as an administrator, only administrators of that group will be administrators of the specified group. Members of the administrator group you specify will not have privileges to manage the group.

To configure support for groups as administrators of other groups:

1. Map the %GROUP_ADMIN_GROUP% well-known attribute to a physical attribute that will store the list of groups that serve as administrators.

   Note: The physical attribute that you select must support multiple values.

   Group Well-Known Attributes provides more information about the %GROUP_ADMIN_GROUP% attribute.

   Note:If you set the admin group type to ALL without setting the %GROUP_ADMIN_GROUP% well known, CA Identity Manager stores administrator groups in the %GROUP_ADMIN% attribute.

2. In the Directory AdminGroups Behavior section, configure the AdminGroupTypes element as follows:

   <AdminGroupTypes type="ALL">

   Note:The default AdminGroupTypes is NONE.

Once support for groups as administrators is configured in the Identity Manager directory, Identity Manager administrators can specify groups as administrators of other groups in the User Console.