Granting Authorization to Directory Managers

For directory managers, authorization is usually granted to directory manager commands. A shorthand notation is also used here: instead of the tokens userid.manager, the tokens *.manager are substituted to authorize use of the command on any user ID whose directory manager is the specified manager.

The following rules are granted to directory managers, or to a subset of them as determined by installation policy, so that they can operate on the user IDs they manage (but not those managed by other managers):

ESM Rule                            Resource
----------------------------------  -----------------------------------------------
CADIRECT.ASSIGN.*.manager           Change of manager for a user ID.
CADIRECT.CHANGE.*.manager           Change of user ID name.
CADIRECT.DISPLINK.*.manager         Display of user’s disk LINKs.
CADIRECT.EXPIRE.*.manager           Expiration of user’s password.
CADIRECT.MANAGE.*.manager           Use of MANAGE menu for user.
CADIRECT.MAINTMAN.*.manager         Use of MAINT MANAGE command.
CADIRECT.MDSKSCAN.*.manager         Report on MDISKs of user.
CADIRECT.PASSWORD.*.manager         Change password of user.
CADIRECT.QUERY                      Any QUERY command operand.
CADIRECT.RESET.USERPASS.*.manager   Clear user’s logon password violation count.
CADIRECT.RESET.VMXLINK.*.manager    Clear user’s LINK password violation count.
CADIRECT.TRANSFER.*.manager         Give user’s Mdisk to another user.
CADIRECT.ULIST.*.manager            List user IDs managed by the calling manager.
CADIRECT.USER.*.manager             Use of USER menu for the user ID being managed.
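
The scoping that the *.manager shorthand provides can be checked when rule grants are reviewed. The following Python sketch is an added example, not CA VM:Director or ESM code; it assumes the full resource name is CADIRECT.command.userid.manager and that * matches exactly one token, and it uses constructed manager IDs (MGR1 to MGR3) and constructed grants.

```python
# Added illustration; not CA VM:Director or ESM code.
# Assumptions: the full resource name is CADIRECT.<command>.<userid>.<manager>,
# and "*" in a rule matches exactly one token. Real ESM generics may differ.

def resource_name(command, userid, manager):
    """Resource name checked when a command targets a managed user ID."""
    return ".".join(("CADIRECT", command, userid, manager)).upper()

def rule_matches(rule, resource):
    """Token-wise comparison; '*' stands for any single token."""
    r, n = rule.upper().split("."), resource.upper().split(".")
    return len(r) == len(n) and all(a in ("*", b) for a, b in zip(r, n))

def is_authorized(grants, requester, command, userid, manager):
    """True if any rule granted to the requester covers the resource name."""
    res = resource_name(command, userid, manager)
    return any(rule_matches(rule, res) for rule in grants.get(requester, ()))

def audit_grants(grants):
    """Flag *.manager rules whose manager token is not the grantee."""
    findings = []
    for grantee, rules in grants.items():
        for rule in rules:
            tokens = rule.upper().split(".")
            if len(tokens) < 4 or tokens[-2] != "*":
                continue  # e.g. CADIRECT.QUERY: no user ID token to scope
            if tokens[-1] == "*":
                findings.append((grantee, rule, "users of any manager"))
            elif tokens[-1] != grantee.upper():
                findings.append((grantee, rule, "another manager's users"))
    return findings

# Constructed sample grants; MGR1..MGR3 are hypothetical manager IDs.
GRANTS = {
    "MGR1": ["CADIRECT.PASSWORD.*.MGR1", "CADIRECT.EXPIRE.*.MGR1", "CADIRECT.QUERY"],
    "MGR2": ["CADIRECT.PASSWORD.*.MGR2", "CADIRECT.TRANSFER.*.MGR1"],
    "MGR3": ["CADIRECT.RESET.USERPASS.*.*"],
}

if __name__ == "__main__":
    for finding in audit_grants(GRANTS):
        print(finding)
```
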

Resource definitions that enable the creation of new user IDs require a specialized format. In these definitions, a token sequence of SYSTEM.NEWUSER is substituted.

The following table displays the corresponding RACROUTE resource names and the user ID creation authority each has:

RACROUTE Resource Name              Authorization
----------------------------------  -----------------------------------------------
CADIRECT.ADDENTRY.SYSTEM.NEWUSER    Creation of a new user ID.
CADIRECT.MANSEL01.SYSTEM.NEWUSER    Creation of a new user ID with MANAGE.
CADIRECT.MULTIPLE.NEWUSER           Creation of a new user with MULTIPLE.