Configuration Guides › Policy Configuration Guide › Administrative User Interface Management › SiteMinder Administrators › Create a Legacy Administrator

Create a Legacy Administrator

A legacy administrator has the ability to manipulate the Policy Management API. A legacy administrator also can use legacy command-line tools that require a username and password, such as smobjexport, smobjimport and smreg.

Use the Administrative UI to configure a legacy administrator and define the tasks that this administrator can perform via the Policy Management API.

Note: The following procedure assumes you are creating a new object. You can also copy the properties of an existing object to create an object. More information exists in Duplicate Policy Server Objects.

To configure a legacy administrator

1. Click Administration, Administrators, Legacy Administrator, Create Legacy Administrator.

   The Create Legacy Administrator dialog opens.

   Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

2. Enter a name and optionally, a description in the General group box.
3. Select one of the following radio buttons in the Administrator Lookup group box to specify the lookup method:
   • SOA Security Manager Database

     Choose this option if the administrator authenticates against the SOA Security Manager database (policy store). Also, enter a value for the Password and Confirm Password fields.

   • External Directory

     Choose this option if the administrator authenticates against an external directory. Also, select user directory and authentication scheme in the Authenticate group box.

4. Select the administrator privileges from the following options:
   • System

     With System privileges, an administrator has access to all policy domains. When you select this radio button, a Task group box displays.

   • Domain

     With Domain privileges, an administrator has access to specific subset of policy domains. When you select this radio button, a Tasks and Scope group box displays. The Tasks group box lists the administrative tasks that can be performed. The Scope group box lists all the available domains that can be managed.

5. Choose the tasks the administrator can perform.

   For a System administrator, select one or more of the following tasks:

   • Manage System and Domain Objects
   • Manage Users
   • Manage Keys and Password Policies
   • Register Trusted Hosts

   For a Domain administrator, select one or more of the following tasks:

   • Manage Domain Objects
   • Manage Users
   • Manage Password Policies
6. If you are creating a Domain administrator, select the domains in the Scope group box that the administrator can manage.
7. Click Submit.

You have defined a legacy administrator.

Note: An administrator cannot create a child administrator with more privileges than the parent administrator.