|
|
|
The SuperAdmin is an administrator created with the super user option (-su) set during the Administrative UI registration. This means that the SuperAdmin has the ability to assign all categories, rights and scope to any other administrator.
From the Administrative UI, the SuperAdmin creates a new administrator named ManagerAdmin. Initially, ManagerAdmin has no privileges until the SuperAdmin assigns them.
Initial Privileges for ManagerAdmin
The SuperAdmin initially assigns the following to ManagerAdmin:
GUI Allowed
|
Security Category |
Scope |
Permissions* |
|---|---|---|
|
Admin Administration |
All |
V, M |
|
Agent Administration |
All |
V, M |
|
Application Administration |
All |
V, M, P |
|
Policy Administration |
Domain 1 |
V, M, P |
* Permissions: View, Manage, Propagate, eXecute (only for executing reports)
Important! The Propagate permission allows one manager to assign the category to another administrator.
At this stage, the SuperAdmin can change the permissions of the existing security categories.
Additional Privileges for ManagerAdmin
The SuperAdmin wants to assign an additional privilege to ManagerAdmin. Based on the categories already assigned to ManagerAdmin, the Security Category list from which the SuperAdmin can choose is slightly modified. All categories are displayed except the Agent and Admin Administration categories because they are already assigned to ManagerAdmin. Additionally, they cannot be assigned a scope so there is nothing that can be modified. The Admin Administration category is not displayed because the scope assigned is ALL so there is nothing to modify.
The only category still available from the original set of categories is Policy Administration because this category can be assigned a scope, which means that privileges can be applied to specific domains or applications. When SuperAdmin selects the Policy Administration category, the scope dialog displays a list that includes ALL as a selection as well as a complete list of domains, with the exception of Domain1, which ManagerAdmin has already been assigned.
Note: The Application Administration is a scoped category like Policy Administration; however, ALL has already been defined as the scope for this category so there is no need to redisplay this category as a choice.
SuperAdmin selects Domain2, extending ManagerAdmin's rights across a second domain.
ManagerAdmin's complete rights are now as follows:
|
Security Category |
Scope |
Permissions* |
|---|---|---|
|
Admin Administration |
All |
V, M |
|
Agent Administration |
All |
V, M |
|
Application Administration |
All |
V, M, P |
|
Policy Administration |
Domain1 |
V, M, P |
|
Policy Administration |
Domain2 |
V, M, P |
* Permissions: View, Manage, Protect, eXecute (only for executing reports)
| Copyright © 2009 CA. All rights reserved. | Email CA about this topic |