Unsupported content: This version of the product is in limited support. However, the documentation is available for your convenience.

Managing administrator capabilities


Administrators, administrator groups and their capabilities have specific security requirements, both for the capabilities themselves and for the definition of their access rights.

The following topics are provided:

Capabilities

The capabilities defined for working with administrators, administrator groups and capabilities are the same. This means that there is no distinction between working on an individual administrator and working with a group. It also includes working on the capabilities through their specific node. For example, if an administrator is assigned the capability to manage administrators, he can also create, modify or delete administrator groups and modify their capabilities, through the Capabilities tab or through the Capabilities node.

Access Rights

As you can see on the console, neither the Administrators node nor the Administrator Groups node has a Security tab. Access rights must therefore be defined individually through the Security Profile node or the Security tab of the respective administrator or administrator group.

Modifying administrator rights

When a new administrator is created in the database, he is automatically added to his own Security tab with the following access rights defined: Read Allow and Write Deny. As a result, the newly created administrator can see himself in the console and check his capabilities, for example, but he cannot modify any of his settings.

To modify access rights to a specific object, an administrator must have the following capabilities and rights:

Capabilities

  • View Administrators
  • View Security
  • Manage Security
  • View Object Type
  • Manage Object Type

Access Rights

  • Read and write access on the object itself.

It is strongly recommended not to give general administrators the ability to modify their security settings; only the superadministrator should have this option. If administrators can modify their own settings, they might gain access to objects to which they should not have access.
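
The following is an added example, not part of the product documentation and not BMC code: a Python audit over a constructed administrator inventory that flags any non-superadministrator who meets every condition listed above on his own administrator entry. The dictionary layout, the sample names, the treatment of a missing access entry as no access, and the substitution of "Administrators" for "Object Type" are assumptions.

```python
# Added example. The data layout below is an assumption, not a product export format.
BASE_CAPS = {"View Administrators", "View Security", "Manage Security"}

def required_capabilities(object_type):
    """Capabilities the page lists for modifying access rights on an object;
    'View/Manage Object Type' is filled in with the object's type name (assumption)."""
    return BASE_CAPS | {f"View {object_type}", f"Manage {object_type}"}

def can_modify_rights(admin, obj):
    """True if the admin holds every listed capability and has Read Allow and
    Write Allow on the object itself. A missing entry counts as no access (assumption)."""
    entry = obj["acl"].get(admin["name"], {})
    has_caps = required_capabilities(obj["type"]) <= admin["capabilities"]
    has_access = entry.get("read") == "Allow" and entry.get("write") == "Allow"
    return has_caps and has_access

def audit_self_modification(admins, objects, superadmins):
    """Names of non-superadministrators able to change rights on their own entry."""
    findings = []
    for admin in admins:
        if admin["name"] in superadmins:
            continue  # only the superadministrator is expected to have this option
        if can_modify_rights(admin, objects[admin["name"]]):
            findings.append(admin["name"])
    return sorted(findings)

def self_entry(name, write):
    """Constructed administrator object carrying only the admin's own access entry."""
    return {"type": "Administrators", "acl": {name: {"read": "Allow", "write": write}}}

# Constructed sample inventory (names and values are illustrative only).
FULL = required_capabilities("Administrators")
ADMINS = [
    {"name": "root",  "capabilities": set(FULL)},
    {"name": "alice", "capabilities": set(FULL)},               # default self entry
    {"name": "bob",   "capabilities": set(FULL)},               # Write Allow on self
    {"name": "carol", "capabilities": {"View Administrators"}}, # Write Allow, lacks capabilities
]
OBJECTS = {
    "root":  self_entry("root", "Allow"),
    "alice": self_entry("alice", "Deny"),   # Read Allow / Write Deny, as at creation
    "bob":   self_entry("bob", "Allow"),
    "carol": self_entry("carol", "Allow"),
}

if __name__ == "__main__":
    print(audit_self_modification(ADMINS, OBJECTS, superadmins={"root"}))
```
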

 


BMC Client Management 12.7