Administrators and administrator groups are the main objects through which security is enforced in the . Each of these has a capability list which determines what an administrator can do and dictates the access to the Console in general, that is, who can interrogate or manipulate the database and its information.
Every user who might need to log on to the Console must be defined as an administrator in the CM database with a login name and a password. These administrators can then be restricted in their capabilities to specific object types and operations and grouped.
The Administrators subnode ( Global Settings > Administrators ) collects all administrators that exist in CM and enables you to manage them. The subnode for each administrator provides specific information about each individual administrator that exists in CM and provides access to its different aspects for modification.
The Group tab under each administrator node displays the groups the administrator belongs to. It is structured as follows:
- Member of : Displays the list of group names of which the administrator is a member.
- Share Objects : Displays if the objects created by the currently selected administrator are to be shared with the other members of the group or groups he belongs to. This means that the other group members have the same access rights to these objects and thus can use them, modify and delete them. The default value is No .
At installation time of the master database two administrators will be created automatically:
- admin : The admin user is a user with all permissions and capabilities. It cannot be deleted, non of its capabilities or other information (such as static and dynamic objects) can be modified, only its password can be changed. It cannot be added to the Security tab of individual objects either, because it has access to all by default.
- system : The system user is the login used by the master server itself for all database actions which it executes automatically, such as those of the identity or autodiscovery module. None of its settings can be modified and you cannot use this login to log on to the Console . The icon of this administrator is dimmed to indicate that it is not editable.