When a Container is created, the following roles are created by default:
Container Admin Role
Container Help-Desk Admin Role
People Admin Role (for the default People container that is created)
The creation of the following roles and the related ACIs, every time an organization is created, can be eliminated:
Container Admin Role
Container Help Desk Admin Role
Eliminate the roles and the related ACIs by making the following changes to the DAI service in the /etc/opt/SUNWam/config/ums/ums.xml file.
You can selectively remove only one of these roles, instead of all of them:
<AttributeValuePair> <Attribute name="childNode" /> <Value>PeopleContainer</Value> <Value>GroupContainer</Value> <Value>DPOrgUnitAdminRole</Value> <Value>DPOrgUnitHelpDeskAdminRole</Value> </AttributeValuePair>
The above are lines 170-175 in the /etc/opt/SUNWam/config/ums/ums.xml file.
It is not possible to eliminate the creation of this role: People Admin Role.
Every time an organization is created, a default People container is created and along with the People container, this role is also created. If you do not need this role, you may delete this role from the Access Manager Console. That will clean up all the ACIs related to this role as well.