Provisioning Reference Guide › Provisioning Manager › Administrator Authentication › Administrator Authorization › Default Admin Profiles
Default Admin Profiles
The Provisioning Server provides default admin profiles that control the privileges of an administrator. These profiles give administrators access to the objects in the domain of the profile. Like the default administrator objects, such as etaadmin, the following profiles are created automatically when you install the Provisioning Server:
- DomainAdministrator and DomainAdministrator-NoWeb-Gives administrators full access to every object in the domain. Administrators who have this profile in the root domain have full access to all Provisioning Server objects and security information.
- PasswordAdministrator-Lets administrators change passwords and activate or suspend global users.
- UserAdministrator-Lets administrators manage users in the domain. Administrators with this profile cannot modify provisioning roles or account templates.
- ReadAdministrator-Lets administrators read every object in the domain.
- SelfAdministrator-Defines the actions that can be performed by self-administrators. By default, this profile authorizes self-administrators to read their own global user object, list their accounts, and modify specific attributes of their own global user or accounts. You can customize this profile to meet your self-administrator authorization requirements.
Copyright © 2013 CA.
All rights reserved.
|
|