Administrative authorities are initially assigned by the MSCA. SCAs, LSCAs, ZCAs, VCAs, and DCAs can assign administrative authorities to CA Top Secret administrators within their scope if they themselves possess the authorities.
The only authority that you can completely deactivate is the authority to view passwords through the TSS LIST command. This can be accomplished by simply setting the PWVIEW control option to NO.
It is the option of the organization to determine whether or not the ability to view passwords by even the MSCA is to be considered a security exposure and if so, to deactivate that capability.
|
Copyright © 2009 CA.
All rights reserved.
|
|