RSA Authentication Manager 6.1 Administrator's Guide - The Ether ...

More documents

Recommendations

Info

RSA Authentication Manager 6.1 Administrator’s GuideBy combining a specific administrative scope with a specific task list, you placeprecise limits on an administrator’s control of RSA Authentication Manager data.Administrative ScopeAdministrative scope, one of the two components of an administrative role, specifieswhich sites, Agent Hosts, groups, users, and tokens can be affected by administratorsto whom the role is assigned.There are three categories of administrative scope: realm, site, and group. Eachcategory defines an administrator’s privileges on one or more levels in the system.Within categories, administrative scope can be varied by specifying the realms, sites,or groups to which it applies: a realm administrator may be given control over onerealm or several, and the same principle applies to site and group administrators.The categories of administrative scope are hierarchical, in that privileges on a higherlevel include privileges on the levels below it. For example, a realm administrator canaffect sites and groups within the realm, while the privileges of a group administratordo not extend beyond the group. However, no realm administrator has privileges oversites and groups that are not within the realm or realms specifically included in theassigned administrative scope. The RSA Authentication Manager filters the names ofsites, groups, users, Agent Hosts, and tokens that appear on any administrator’s screenaccording to this scope definition so that administrators can access only data withintheir scopes.The three basic administrative scope categories distribute administrative privileges asfollows within the specific realms, sites, or groups assigned:• Realm administrators can view and edit all sites, groups, users, Agent Hosts andtokens (assigned and unassigned) within their designated realms.• Site administrators cannot add or delete a site. They can view and edit theirdesignated sites as well as the groups, users, Agent Hosts and assigned tokensbelonging to those sites. Site administrators can also view and edit all unassignedtokens in the Authentication Manager database. They can view and edit all AgentHosts, users, and tokens not belonging to any group or site.• Group administrators cannot add or delete a group. They can view and edit theirdesignated groups as well as the users, Agent Hosts, and assigned tokensbelonging to those groups. Group administrators can also view and edit all tokensthat are assigned to users in their groups and all unassigned tokens in theAuthentication Manager database. They can view and edit all Agent Hosts, users,and tokens not belonging to any group or site.32 2: Using RSA Authentication Manager Administration Applications
RSA Authentication Manager 6.1 Administrator’s GuideTask ListsA task list is the second component of an administrative role. It is a named set of tasksthat administrators, who are assigned a particular role, can perform within theiradministrative scope. Tasks correspond to commands in the user interface. Commandsnot included in the task list for an administrator’s assigned role are disabled on themenus that the administrator sees.RSA Authentication Manager provides three predefined task lists: Realm, Site, andGroup. These task lists include tasks that are appropriate for realm, site, or groupadministrators.You can also create modified versions or entirely new task lists and assign them toadministrators in your realm. This ability to customize roles gives you precise controlover the authority of your administrators. However, you cannot enable anadministrator to perform a task that is forbidden by the assigned administrative scope.It is important to remember that administrators’ privileges are limited according to theassigned administrative scope and that they can perform only those tasks allowed bythe scope definition, whatever the contents of the task list.Using Administrative Scope and Task Lists TogetherAn administrative role is the combination of the administrative scope and the task listthat you assign to a user. Consider the example of assigning the administrative role ofNew York site administrator for a large corporation with multiple sites.• First, you assign the administrative scope of a site administrator limited to theNew York site. This gives the user the authority to administer groups, users, AgentHosts, and tokens associated with the New York site, but prohibits him or her fromadministering similar resources associated with other sites.• Second, you assign the user the predefined site administrator task list. This meansthe user can perform the tasks that are required of a site administrator. These tasksinclude assigning administrative roles, importing and exporting tokens, addingand deleting groups, and editing the site.You can also assign a second, assistant administrator to the New York site, but with amore restricted task list, such as the predefined Group Administrator task list or acustom task list you create. This assignment enables the assistant administrator toperform a limited set of tasks on all resources associated with the New York site, suchas editing users, tokens, and groups, but not the full range of tasks permitted to theprimary site administrator.For information about creating a task list and assigning a task list to a user, see theHelp topics “Creating a Task List” and “Assigning Administrative Roles.” For a listadministrative tasks and their subtasks, see the Help topic “Categories of Tasks.”To Begin: Click User > Edit User > Administrative Roles. For instructions, clickHelp.2: Using RSA Authentication Manager Administration Applications 33
Page 1 and 2: RSA Authentication Manager 6.1Admin
Page 3: RSA Authentication Manager 6.1 Admi
Page 6 and 7: RSA Authentication Manager 6.1 Admi
Page 82 and 83:
RSA Authentication Manager 6.1 Admi
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245:
Page 248 and 249:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
Page 373 and 374:
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
Page 419 and 420:
Page 421 and 422:
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431:
Page 434 and 435:
Page 437 and 438:
Page 439 and 440:
Page 441 and 442:
Page 443 and 444:
Page 445 and 446:
show all

RSA Authentication Manager 6.1 Administrator's Guide - The Ether ...

Create successful ePaper yourself

Delete template?

Save as template?