Sun Enterprise Authentication Mechanism Guide

Using the SEAM Tool With Limited Kerberos Administration Privileges

All the features of the SEAM Administration Tool are available if your admin principal has all the privileges to administer the Kerberos database. But it is possible to have limited privileges, such as being allowed to view only the list of principals or to change a principal's password. With limited Kerberos administration privileges, you can still use the SEAM Administration Tool; however, various parts of the SEAM Tool will change based on what Kerberos administration privileges you do not have. Table 5-8 shows how the SEAM Tool changes based on your Kerberos administration privileges.

The most visible change to the SEAM Tool occurs when you don't have the list privilege. Without the list privilege, the List panels do not display the list of principals and policies for you to manipulate. Instead, you must use the Name field in the List panels to specify a principal or policy you want to work on.

If you log on to the SEAM Tool and you don't have sufficient privileges to perform useful tasks with it, the following message will display and you will be sent back to the Login window:


Insufficient privileges to use gkadmin: ADMCIL. Please try using another principal.

To change the privileges for a principal to administer the Kerberos database, go to "How to Modify the Kerberos Administration Privileges".

Table 5-8 Using SEAM Tool With Limited Kerberos Administration Privileges

| If You Don't Have This Privilege ... | Then the SEAM Tool Changes as Follows ... |
|---|---|
| a (add) | The Create New and Duplicate buttons are not available in the Principal and Policy List panels. Without the add privilege, you can't create new or duplicate principals or policies. |
| d (delete) | The Delete button is not available in the Principal and Policy List panels. Without the delete privilege, you can't delete principals or policies. |
| m (modify) | The Modify button is not available in the Principal and Policy List panels. Without the modify privilege, you can't modify principals or policies. Also, with the Modify button unavailable, you can't modify a principal's password, even if you have the change password privilege. |
| c (change password) | The Password field in the Principal Basics panel is read-only and cannot be changed. Without the change password privilege, you can't modify a principal's password. Note that even if you have the change password privilege, you must also have the modify privilege to change a principal's password. |
| i (inquiry to database) | The Modify and Duplicate buttons are not available in the Principal and Policy List panels. Without the inquiry privilege, you can't modify or duplicate a principal or policy. Also, with the Modify button unavailable, you can't modify a principal's password, even if you have the change password privilege. |
| l (list) | The lists of principals and policies in the List panels are unavailable. Without the list privilege, you must use the Name field in the List panels to specify the principal or policy you want to work on. |
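
The dependencies in Table 5-8 (change password needs modify, and modify needs inquiry) make it easy to grant a privilege that has no effect in the tool. The following Python sketch is an added example, not part of the original guide or the SEAM software: it applies the table's rules to constructed ACL entries. The "principal privileges" line layout, the uppercase-denies convention, and `x`/`*` meaning all privileges are assumptions taken from the kadm5.acl format, and all function names are hypothetical.

```python
PRIVS = "admcil"  # privilege letters listed in Table 5-8

# Constructed sample entries; the "principal privileges" layout is an assumption.
SAMPLE_ACL = """\
alice/admin@EXAMPLE.COM     *
helpdesk/admin@EXAMPLE.COM  cil
ops/admin@EXAMPLE.COM       *D
audit/admin@EXAMPLE.COM     mL
"""

def parse_privs(field):
    # Assumed semantics: lowercase grants, uppercase denies, x or * grants all.
    granted = set()
    for ch in field:
        if ch in "x*":
            granted |= set(PRIVS)
        elif ch.lower() not in PRIVS:
            raise ValueError(f"unknown privilege letter {ch!r}")
        elif ch.islower():
            granted.add(ch)
        else:
            granted.discard(ch.lower())
    return granted

def seam_tool_view(granted):
    # What Table 5-8 leaves available for a set of granted privileges.
    modify = {"m", "i"} <= granted           # Modify button needs m and i
    return {
        "create_new": "a" in granted,
        "duplicate": {"a", "i"} <= granted,  # Duplicate needs a and i
        "delete": "d" in granted,
        "modify": modify,
        "change_password": modify and "c" in granted,  # c alone is not enough
        "browse_list": "l" in granted,       # otherwise use the Name field
    }

def ineffective_grants(granted):
    # Granted letters whose button or field stays disabled in the tool.
    view = seam_tool_view(granted)
    needs = {"m": "modify", "c": "change_password"}
    return [p for p, op in needs.items() if p in granted and not view[op]]

def audit(acl_text):
    report = {}
    for line in acl_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            granted = parse_privs(fields[1])
            report[fields[0]] = (seam_tool_view(granted), ineffective_grants(granted))
    return report
```

In the sample, the helpdesk entry holds `c` but cannot change passwords in the tool because it lacks `m`, which is the case the table's notes call out.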