User administrator

The user administrator scenario describes the security settings to be defined for administrators who have quite far reaching rights, similar to the system administrator, that is, they can access all objects and types apart from the actual system settings.

1. Log on to the console with a superadministrator or the admin login.
2. Go to the Global Settings > Administrator Groups node.
3. Create a new group called UserAdmins .
4. Select the following Security Profile node and its Capabilities tab.
5. Click the Edit > Properties menu item.
   The Properties pop-up window appears.
6. In the Modify Capabilities tab select ALL capabilities and then clear the following:
   • Both Administrator capabilities
   • Both System Variables capabilities
   • Both Security Profile capabilities
   • Both License capabilities
7. Click OK to confirm and close the window.
8. Then go to the Static Objects tab and via the Properties pop-up window select all Top Nodes to be added to the static objects with Read, Write and Assign: Allowed .
9. In the Dynamic Objects tab add all queries which can be found under the folder BMC Client Management database apart from the All Administrators and All Administrator Groups queries with Read, Write and Assign: Allowed via the Properties pop-up window. These queries ensure, that the administrator has access to all objects of any type that will be created in the future by any other administrator.

Remarks regarding this configuration: