Administration

Administrative Permissions

Restricted administrator in both This Realm and All Realms fields - Restricts actions on admin_acl_file entries that belong to any realm supported by the primary security server.

Administrative principals who have the Restricted Administrator modifiers are not restricted from managing principals that are not included in the admin_acl_file.

The Restricted Administrator modifier setting does not override the Modify Administrative Permissions setting; that is, an administrative principal with both the Modify Administrative Permissions and the Restricted Administrator settings enabled can change principal settings in the admin_acl_file, including their own.

The Restricted Administrator modifier setting also does not override the Edit Group Default setting; so an administrative principal with both these settings enabled can edit the values of the default group principal.

Edit Group Select this box to allow the user to edit the default

Defaults values stored in the default group for the realm. Edits to the default principal are made through the Group Information window.

Modify Select this box to allow the user to modify Administrative administrative permissions for other users. Changes Permissions are made on the Administrative Permissions

window.

All button The Administrative Permissions window features two All buttons,

one for the designated principal in all realms

the other for the designated principal in the specified realm

Click either button, respectively, to assign all administrative permissions for the principal in all realms or this realm only.

162

Chapter 6

Page 162
Image 162
HP UX Kerberos Data Security Software manual 162