The following table lists the different types of functions that users can do by default. A mark in a given cell indicates that the specified user can perform the listed function.
This table applies to all modules. Individual modules can also have specific restrictions, which are under the control of the module.
Table 18–1 Domain Admin, Admin, Operator, and General Functions
Function |
Domain Admin |
Admin |
Operator |
General |
---|---|---|---|---|
Load modules |
|
x |
|
|
Unload modules |
|
x |
|
|
Create administrative domains |
x |
|
|
|
Create groups within administrative domains |
x |
|
|
|
Add objects to groups or administrative domains |
x |
|
|
|
View administrative domains, hosts or modules |
x |
x |
x |
x |
Set ACL users or groups |
|
x |
|
|
Disable or enable modules |
|
x |
x |
|
Set module active time window |
|
x |
x |
|
Set alarm limits |
|
x |
x |
|
Set rule parameters |
|
x |
x |
|
Run alarm actions |
|
x |
x |
|
Run ad hoc commands |
|
x |
x |
|
Set the refresh interval |
|
x |
x |
|
Manually trigger a refresh |
x |
x |
x |
x |
Enable or disable history logging |
|
x |
x |
|
Set logging history parameters |
|
x |
x |
|
Acknowledge, delete, or fix events |
|
x |
x |
|
View events |
x |
x |
x |
x |
In Sun Management Center software, the above categories maintain inclusive relationships. This means that a user who has esadm privileges can do anything that a user who has esops privileges can do. An administrator can change the default permissions so that a user who has esops privileges can do more than a esadm user. Inclusive relationships mean that there is nothing in the software that makes one of esops, esadm, or esdomadm more powerful than either of the others.
For more information about how to override default privileges, see To Override Default Agent Privileges.