By default, capabilities needed to perform auditing tasks are contained in the Top organization (object group). As a result, only those administrators who control Top can assign these capabilities to other administrators.
You can resolve this limitation by adding the capabilities to another organization. Identity Manager provides two utilities, located in the sample/scripts directory, to assist with this task.
To add the capabilities needed to perform auditing tasks to an organization other than Top, follow these steps:
Run the following command to list all capabilities (AdminGroups) and their associated organizations (object groups):
beanshell objectGroupUpdate.bsh -type AdminGroup -action list -csv
This command captures the output to a comma-separated value (CSV) file.
Edit the CSV file to adjust the capabilities organizational locations as desired.
Run this command to update Identity Manager.
beanshell objectGroupUpdate.bsh -data CSVFileName -action add -groups NewObjectGroup