Administration
Administrative Permissions
•Restricted administrator in both This Realm and All Realms fields - Restricts actions on admin_acl_file entries that belong to any realm supported by the primary security server.
Administrative principals who have the Restricted Administrator modifiers are not restricted from managing principals that are not included in the admin_acl_file.
The Restricted Administrator modifier setting does not override the Modify Administrative Permissions setting; that is, an administrative principal with both the Modify Administrative Permissions and the Restricted Administrator settings enabled can change principal settings in the admin_acl_file, including their own.
The Restricted Administrator modifier setting also does not override the Edit Group Default setting; so an administrative principal with both these settings enabled can edit the values of the default group principal.
Edit Group Select this box to allow the user to edit the default
Defaults values stored in the default group for the realm. Edits to the default principal are made through the Group Information window.
Modify Select this box to allow the user to modify Administrative administrative permissions for other users. Changes Permissions are made on the Administrative Permissions
window.
All button The Administrative Permissions window features two All buttons,
•one for the designated principal in all realms
•the other for the designated principal in the specified realm
Click either button, respectively, to assign all administrative permissions for the principal in all realms or this realm only.
162 | Chapter 6 |