The following users present different security risks for Change Manager:
Superuser on the Change Manager server - Anyone with superuser privileges on the Change Manager server is trusted. If superuser privileges are penetrated, security is breached.
Authorized Users on the Change Manager server - Authorized users are trusted because their access is controlled by Sun Management Center's access control lists. Change Manager does not provide direct tools for managing these lists. Change Manager also does not provide mechanisms for protecting one user's Change Manager data and managed hosts from another authorized user.
Other users on the Change Manager server - Other users that are logged in to the Change Manager server are not trusted. These users are not permitted to take unauthorized actions, nor are they permitted to see unauthorized data.
Superuser on managed hosts - Anyone with superuser privileges on a managed host is trusted with respect to that managed host. If superuser privileges on a managed host are penetrated, security is breached on all managed hosts. Such a user must be prevented from using Change Manager to further penetrate the network.
Other users on managed hosts - Other users that are logged in to managed hosts are not trusted. These users are not permitted to take unauthorized actions, nor are they permitted to see unauthorized data.
Users on other systems - Users on systems that are not related to Change Manager are not trusted. These users must be prevented from taking unauthorized actions and seeing unauthorized data.