Sun OpenSSO Enterprise 8.0 Administration Guide

Delegating Administrator Privileges

OpenSSO Enterprise administrators are delegated responsibilities based on privileges assigned to groups. A privilege is an action that can be performed on a resource; for example, a READ operation on a log. Privileges can be dynamically assigned to users deemed administrators by creating a group, assigning to it the appropriate privilege, and adding the appropriate user as a member of the group.

Note –

For more information on groups, see Chapter 5, Creating Subjects.

Once a group is created, it appears under the realm's Privileges tab. To add privileges, click the group name and assign the appropriate operation. Members belonging to the group would then be able to perform the assigned operation(s). The following privileges can be delegated.

Note –

If you have upgraded Access Manager from version 7.0 to OpenSSO Enterprise, the privilege configuration differs from that of a fresh installation. To assign or modify privileges, click the name of the role or group you wish to edit and select from the following: