CA AuthMinder Administration Guide › Overview of the Administration Console › Supported Roles › Default Administrative Roles › Scope of an Administrative Role
Scope of an Administrative Role
The scope of an administrative role in the Administration Console consists of:
- All the organizations that an administrator with a specific role can manage.
- The permissions that are associated with the role.
Important Notes About Scope
While creating an administrative role, remember that:
- The scope of the Master Administrator is All Organizations, and this administrator manages all existing and organizations that will be created in the future.
- An administrator (Global Administrator, Organization Administrator, or User Administrator) can manage their peers and the roles with fewer permissions, provided they have scope on the organization to which the administrators belong.
For example, a Global Administrator can manage other Global Administrators, Organization Administrators and User Administrators. However, they cannot manage Master Administrator.
- The scope of a Global Administrator role can be defined as All Organizations, in which case this administrator can manage all existing and future organizations.
- An Organization Administrator or a User Administrator can be limited to manage only specific organizations.
- If the administrator is derived by using Custom Roles, then the derived administrator belongs to the same level as that of the parent level.
For example, if you derive the MyGlobalAdmin administrator from Global Administrator, then MyGlobalAdmin is considered to be a Global Administrator. This is true even though you may have assigned MyGlobalAdmin fewer permissions compared to an Organization Administrator or User Administrator.
Note: An Organization Administrator or a User Administrator role should not be defined with the scope as All Organizations.
Copyright © 2013 CA.
All rights reserved.
|
|