|
|
|
Sm_PolicyApi_AdminRights_t enumerates the rights of the administrator. These values may be used individually or combined to set multiple rights. The resulting value is passed to Sm_PolicyApi_AddAdmin() as one of the attributes in a Sm_PolicyApi_Admin_t structure.
|
Name |
Value |
|---|---|
|
Sm_PolicyApi_AdminRights_ManageAllDomains |
0x01 |
|
Sm_PolicyApi_AdminRights_ManageObjects |
0x02 |
|
Sm_PolicyApi_AdminRights_ManageUsers |
0x04 |
|
Sm_PolicyApi_AdminRights_ManageKeys |
0x08 |
|
Sm_PolicyApi_AdminRights_ManagePasswordPolicy |
0x08 |
|
Sm_PolicyApi_AdminRights_ManageReports |
0x10 |
The following table shows how these values are used to set administrative privileges:
|
Scope |
Task |
Setting and Privilege(s) |
|---|---|---|
|
System |
Manage System & Domain Objects |
To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Create/edit/delete agents, agent groups, directories, policy domains, authentication schemes, agent types, ODBC setup, directory mappings, certificate mappings, and registration schemes. Create/delete parent realms in all domains. Create/edit/delete administrators. Flush all caches, including cached resources. Change global settings. All the privileges for Manage Domain Objects listed below. |
|
Domains |
Manage Domain Objects |
To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageObjects Privileges: In managed domains: create/edit/delete rules, rule groups, responses, response groups, policies. Edit top level realms in managed domains (not resource filters). Create/edit/delete nested realms in managed domains. Flush specific realms from the resource cache, and flush all resources (in privileged domains) from the cache. |
|
System |
View Reports |
To set the privilege below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privilege: View all system and domain reports. |
|
Domains |
View Reports |
To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageUsers Privilege: View reports for managed domains. |
|
System |
Manage Keys and Password Policies |
To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Create/edit/delete password policies. Manage keys. |
|
Domains |
Manage Password Policies |
To set the privilege below, set administrator rights to: Sm_PolicyApi_AdminRights_ManagePasswordPolicy Privilege: Create/edit/delete password policies for users in directories attached to managed domains. |
|
System |
Manage Users |
To set the privileges below, set administrator rights to both of the following: Sm_PolicyApi_AdminRights_ManageAllDomains Privileges: Flush all user session caches, or flush the user session cache of any individual user cache from any directory. Enable/disable users in any directory. Force password change on any user in any directory. |
|
Domains |
Manage Users |
To set the privileges below, set administrator rights to: Sm_PolicyApi_AdminRights_ManageReports Privileges: Flush user session caches for individual users in directories attached to managed domains. Enable/disable users in directories attached to managed domains. Force password change on users in directories attached to managed domains. |
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |