FSS Administrative UI Permissions

If a Legacy Administrator is to manage SiteMinder objects using the FSS Administrative UI, you delegate system and domain-level permissions when creating the administrator.

The following table describes the permissions associated with system-level tasks:

System Tasks by Administrative Permission

Manage System and Domain Objects

  • Create/edit/delete Agents, Agent Configuration Objects, Agent groups, Agent types, Host Configuration Objects, user directories, policy domains, authentication schemes, directory mappings, certificate mappings, registration schemes, and SQL query schemes.
  • Create/edit/delete all domain objects.
  • Create/delete parent realms in all domains.
  • Create/edit/delete administrators.
  • Flush all caches, including cached resources.
  • Change global settings.
  • Delete Trusted Hosts.

    Note: You cannot create or edit Trusted Host objects with this permission. You can only delete them. To register Trusted Hosts, you must have the Register Trusted Host permission.

Manage Users

  • Flush all user session caches, or flush the session cache of any individual user from any directory.
  • Enable/disable users in any directory.
  • Force password change on any user in any directory.

Manage Keys and Password Policies

  • Create/edit/delete password policies.
  • Manage keys.

Register Trusted Hosts

  • Register Trusted Hosts.

The following table describes the permissions associated with domain-level tasks:

Domain Tasks by Administrative Permission

Manage Domain Objects

  • In managed domains: create/edit/delete rules, rule groups, responses, response groups, policies.
  • Edit top-level realms in managed domains (not resource filters).
  • Create/edit/delete nested realms in managed domains.
  • Flush specific realms from the resource cache, and flush all resources (in privileged domains) from the cache.

Manage Users

  • Flush user session caches for individual users in directories attached to managed domains.
  • Enable/disable users in directories attached to managed domains.
  • Force password change on users in directories attached to managed domains.

Manage Password Policies

  • Create/edit/delete password policies for users in directories attached to managed domains.