Administration

admin_acl_file

Assigning Administrative Permissions

Administrative principals may have varying levels of trust assigned to them, depending on your organization’s policies. Table 6-1 lists the possible administrative permission settings and the letter designator used in the admin_acl_file to indicate the permissions assigned to the principal account. Permissions designated with a lower-case letter apply only to the realm to which the administrative principal belongs. Permissions designated with an upper-case letter apply to all realms. The [permissions] field is an optional string containing one or more of the options listed in the table below.

The Restricted administrator setting is a modifier; it must be used in conjunction with permissions. There are several important considerations to take into account when using the r, R and Rr modifiers. Refer to “Using Restricted Administrator” on page 99 for more information.

NOTE

The e, E, g and G switches are not affected by the r and R permissions.

*overrides the r and R switches

Table 6-1    Administrative Permission Settings

Administrator Field Name                         ACL file Character
------------------------------------------------------------------
Add Principals                                   a or A
Change Principal Passwords                       c or C
Delete Principals                                d or D
Edit the admin_acl_file.                         e or E
  Note: This setting cannot be restricted
  by the r or R permissions
Edit Group Defaults                              g or G
Inquire about Principals. Assign this            i or I
  attribute to all administrative principals
  to allow use of the administrative tools
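The following is an added example, not code from the product or its manual. It decodes a [permissions] string using only the letters shown in this part of Table 6-1 and reports the points the text above calls out: realm scope by letter case, r/R used without permissions, e/E/g/G not being limited by r/R, and a missing i or I. The function name, the returned keys and the sample strings are hypothetical.

```python
# Added example, not vendor code. Covers only the letters shown on this page;
# function and key names are hypothetical.
PERMS = {
    "a": "Add Principals",
    "c": "Change Principal Passwords",
    "d": "Delete Principals",
    "e": "Edit the admin_acl_file",
    "g": "Edit Group Defaults",
    "i": "Inquire about Principals",
}
UNRESTRICTABLE = {"e", "g"}  # NOTE on the page: e, E, g, G ignore r and R


def audit_permissions(perm_string):
    """Decode a [permissions] string and list points worth reviewing."""
    granted, modifiers, unknown, findings = [], [], [], []
    for ch in perm_string:
        if ch in "rR":
            modifiers.append(ch)  # Restricted administrator modifier
        elif ch.lower() in PERMS:
            # Lower case: principal's own realm. Upper case: all realms.
            scope = "all realms" if ch.isupper() else "own realm"
            granted.append((ch, PERMS[ch.lower()], scope))
        else:
            unknown.append(ch)  # possibly from the part of Table 6-1 not shown
    if modifiers and not granted and not unknown:
        findings.append("r/R modifier given without any permission")
    if modifiers:
        for ch, name, scope in granted:
            if ch.lower() in UNRESTRICTABLE:
                findings.append(f"{ch} ({name}, {scope}) is not limited by r/R")
    if (granted or unknown) and not any(g[0] in "iI" for g in granted):
        findings.append("no i or I: page says to assign it to all admin principals")
    return {"granted": granted, "modifiers": modifiers,
            "unknown": unknown, "findings": findings}


if __name__ == "__main__":
    # Constructed sample permission strings, not taken from a real ACL file.
    for sample in ("aci", "Raei", "AD", "r"):
        print(sample, audit_permissions(sample))
```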

 

 

 

 

96

Chapter 6