An administrator is someone who can access Policy Server objects and tools.
You can create multiple administrator accounts so that different administrators have privileges according to their roles in an organization.
This model allows you to delegate the management of Policy Server objects and tools to others.
A default CA SiteMinder® superuser account with full system privileges is created when you configure the policy store, which is the default source of administrator identities. This default configuration lets you manage the environment immediately after installing the software.
We recommend configuring an external administrator user store.
When you configure the policy store, a default superuser account is created. This account has the maximum system privileges, which permit the following operations:
The default superuser account has the following credentials:
siteminder
The password that you specified when configuring the policy store.
Administrator accounts can be used to perform the following CA SiteMinder® administration tasks:
To delegate privileges to other administrators, create more administrator accounts. Administrator accounts define the following properties:
Specifies whether the Administrator can access all CA SiteMinder® data or only those objects that are defined in an assigned administrative Workspace.
Specifies what methods the Administrator can use to access and manage the CA SiteMinder® data.
Specifies what categories of CA SiteMinder® objects the Administrator can access, and whether they can only view or modify those objects.
These properties let you create administrators and assign privileges to match the administrative roles in your organization.
Note: You can only create more Administrator accounts that are associated with administrative users in an external administrator store. However, Administrator accounts are generated automatically for Legacy Administrator records stored in the policy store, so that those administrators can access the Administrative UI.
Legacy Administrators perform the following tasks:
Note: A Legacy Administrator account is required when your environment includes a script or program that uses the Policy Management API. Create a Legacy Administrator with authentication privileges for executing those functions using the Policy Management API.
Note: Legacy Administrators can also access the Administrative UI when the policy store is configured as the source of administrator identities (the default). Once an external administrator store is configured, Legacy Administrator accounts cannot access the Administrative UI.
By default, the Administrative UI uses the policy store as its source of administrator identities. However, we recommend that you use an external administrator user store, such as a corporate directory, for further administrator accounts.
Consider the following factors when deciding where to store administrator identities:
Note: Once an external administrator store is configured, creating new Legacy Administrators or associating any Administrator accounts with Legacy Administrators is prohibited.
Copyright © 2015 CA Technologies.
All rights reserved.