Add Support for Groups as Administrators of Groups

Configuration Guide › LDAP User Store Management › How to Configure Groups › Add Support for Groups as Administrators of Groups

Add Support for Groups as Administrators of Groups

If you are managing an LDAP user store, you can enable groups to serve as administrators of other groups. When you assign a group as an administrator, only administrators of that group are administrators of the specified group. Members of the administrator group you specify have no privileges to manage the group.

Follow these steps:

Map the %GROUP_ADMIN_GROUP% well-known attribute to a physical attribute that stores the list of groups that serve as administrators.
Note: The physical attribute that you select must support multiple values.

Group Well-Known Attributes provides more information about the %GROUP_ADMIN_GROUP% attribute.

Note:If you set the admin group type to ALL without setting the %GROUP_ADMIN_GROUP% well known, CA IdentityMinder stores administrator groups in the %GROUP_ADMIN% attribute.
In the Directory AdminGroups Behavior section, configure the AdminGroupTypes element as follows:
<AdminGroupTypes type="ALL">

Note:The default AdminGroupTypes is NONE.

Once support for groups as administrators is configured in the CA IdentityMinder directory, CA IdentityMinder administrators can specify groups as administrators of other groups in the User Console.