Administrator privileges are determined by the tasks that you enable for the administrator. These privileges allow administrators to use a set of Policy Server features.
The following tables describe the privileges associated with each combination of administrator task.
|
Tasks
|
Administrative Privilege
|
|
Manage System and Domain Objects
|
|
|
Manage Users
|
- Flush all user session caches, or flush the user session cache of any individual user cache from any directory.
- Enable/disable users in any directory.
- Force password change on any user in any directory.
|
|
Manage Keys and Password Policies
|
- Create/edit/delete password policies.
- Manage keys.
|
|
Register Trusted Hosts
|
|
|
Tasks
|
Administrative Privilege
|
|
Manage Domain Objects
|
- In managed domains: create/edit/delete rules, rule groups, responses, response groups, policies.
- Edit top-level realms in managed domains (not resource filters).
- Create/edit/delete nested realms in managed domains.
- Flush specific realms from the resource cache, and flush all resources (in privileged domains) from the cache.
|
|
Manage Users
|
- Flush user session caches for individual users in directories attached to managed domains.
- Enable/disable users in directories attached to managed domains.
- Force password change on users in directories attached to managed domains.
|
|
Manage Password Policies
|
- Create/edit/delete password policies for users in directories attached to managed domains.
|
