Manualshelf

Troubleshooting guide

ManualsBrandsRSA Security ManualsServer6.1
31323334353637383940
1: Important RSA Authentication Manager 8.1 Changes 31
RSA Authentication Manager 6.1 to 8.1 Migration Guide
Predefined Administrative Roles
In version 6.1, roles are composed of a task list (what tasks can be performed by an
administrator assigned the role) and a scope (which objects the administrator can
administer). There are three predefined roles: realm, site, and group. Each role can be
assigned to an administrator and that administrator can be scoped to the realm or to a
particular site or group within the realm.
The following sections describe the default administrative roles in version 8.1.
Super Admin
The most important predefined role is the Super Admin role. This role is the only
role with full administrative permission in all security domains in your
deployment. You can use it to create other administrators and to create your
security domain hierarchy.
RSA recommends that you assign the Super Admin role to at least two
administrators. This ensures that you still have full administrative control in
situations where a Super Admin leaves for vacation or some other extended
absence.
RSA recommends that you save the Super Admin role in the top-level security
domain, and then save all other administrative roles in a lower-level security
domain. This prevents lower-level administrators, for example, Help Desk
Administrators, from editing the Super Admin’s password and then using the
Super Admin’s password to access the Security Console.
Root Domain Name Administrator. This role grants complete administrative
responsibility for managing all aspects of the security domain including objects
such as policies and attribute definitions. This role does not include certain Super
Admin permissions.
Security Domain Administrator
This role grants complete administrative responsibility to manage all aspects of a
branch of the security domain tree. This administrator has all permissions within
that branch except to manage top-level objects such as policies and attribute
definitions. By default, this role’s scope includes the entire deployment. If you
want to limit this role’s scope to a lower-level security domain in the deployment,
edit this role, or duplicate this role and then edit the scope of the duplicate role.
This role is limited to the security domain in which it is created. The Security
Domain Administrator can delegate some of the responsibilities of this role.
User Administrator
This role grants administrative responsibility to manage users, assign tokens to
users, and access selected authentication agents. This administrator cannot
delegate any of the responsibilities of this role.
Token Administrator
This administrative role grants complete administrative responsibility to import
and manage tokens, and to assign tokens to users. This administrator cannot
delegate any of the responsibilities of this role.