Policy Server Guides › Policy Server Configuration Guide › SiteMinder Administrators › How to Create an Administrator

How to Create an Administrator

Administrator accounts can be configured with fine-grained privileges that determine the administrative capabilities available to that administrator.

Administrators are assigned rights to one or more security categories that define their administrative authority in the Administrative UI, such as managing authentication schemes. By default an administrator has access to every object related to an assigned security category.

1. Review the Administrator considerations.
2. Create an Administrator account.
3. Verify the privileges of the new Administrator account.

Administrator Considerations

Before you configure an Administrator, review the following guidelines:

• This process applies if the Administrative UI is using an external store as the source of administrator identities only. If you use the policy store as the source of administrator identities, create a Legacy Administrator.
• The rights that the Administrator requires to perform their job. Identifying these rights helps you delegate the appropriate security categories to the administrator.
• If the Administrators is responsible for application security policies.

Important! An Administrator can only create another Administrator with the same or lesser privileges. For example, if an Administrator has GUI and reports privileges, they can create another Administrator with those privileges, but not one with local API privileges. Similarly, an Administrator can only create an Administrator with the same or lesser scope (as defined by an assigned workspace).

Create the Administrator Account

Create an Administrator by creating an Administrator account.

Follow these steps:

1. Log in to the Administrative UI using the superuser or other administrator account with appropriate privileges.
2. Click Administration, Administrator.
3. Click Administrators.
4. Click Create Administrator.
5. Click Lookup under General.
6. Specify search criteria and click Search.
7. Pick the administrator that you want and click Select.
8. Do one of the following tasks:
   • To delegate all rights, select Super User and click Submit.
   • To delegate fine-grained privileges, go to the next step.
9. Specify how the administrator is permitted to interact with the Policy Server in the Access Methods section. Select the methods that the administrator needs for their role.

   Example: If an administrator is going to use the XPSImport and XPSExport tools, select Import Allowed and Export Allowed.

10. Click Add in the Rights section.
11. Select the security categories that you want to grant to the administrator and click OK.

    Note: Security categories comprise one or more tasks that correspond to specific CA SiteMinder® objects.

12. Specify the permissions that you want to grant to the administrator for each security category in the Rights table.

    Note: Only those permissions applicable for security categories in the table are available.

13. Click Submit.

    The Administrator is created.

More information:

Limit Administrator Account Scope Using Workspaces Overview

Administrator Accounts

Verify that the Administrator has the Correct Privileges

Verify that the new Administrator account has the correct privileges.

Follow these steps:

1. Log in to the Administrative UI using the Administrator account.
2. Explore the Administrative UI. Verify that only the security categories for which the account has rights are visible.