System Administration Guide: Security Services

Using the SEAM Tool With Limited Kerberos Administration Privileges

All features of the SEAM Administration Tool are available if your admin principal has all the privileges to administer the Kerberos database. But it is possible to have limited privileges, such as being allowed to view only the list of principals or to change a principal's password. With limited Kerberos administration privileges, you can still use the SEAM Tool. However, various parts of the SEAM Tool will change based on the Kerberos administration privileges that you do not have. Table 10–6 shows how the SEAM Tool changes based on your Kerberos administration privileges.

The most visible change to the SEAM Tool occurs when you don't have the list privilege. Without the list privilege, the List panels do not display the list of principals and policies for you to manipulate. Instead, you must use the Name field in the List panels to specify a principal or policy that you want to manipulate.

If you log in to the SEAM Tool and you do not have sufficient privileges to perform tasks with it, the following message is displayed and you are sent back to the SEAM Administration Login window:


Insufficient privileges to use gkadmin: ADMCIL. Please try using another principal.

To change the privileges for a principal to administer the Kerberos database, go to How to Modify the Kerberos Administration Privileges.

Table 10–6 Using SEAM Tool With Limited Kerberos Administration Privileges

| Disallowed Privilege | Change to the SEAM Tool |
|---|---|
| a (add) | The Create New and Duplicate buttons are unavailable in the Principal List and Policy List panels. Without the add privilege, you cannot create new principals or policies or duplicate them. |
| d (delete) | The Delete button is unavailable in the Principal List and Policy List panels. Without the delete privilege, you cannot delete principals or policies. |
| m (modify) | The Modify button is unavailable in the Principal List and Policy List panels. Without the modify privilege, you cannot modify principals or policies. Also, with the Modify button unavailable, you cannot modify a principal's password, even if you have the change password privilege. |
| c (change password) | The Password field in the Principal Basics panel is read-only and cannot be changed. Without the change password privilege, you cannot modify a principal's password. Note that even if you have the change password privilege, you must also have the modify privilege to change a principal's password. |
| i (inquiry to database) | The Modify and Duplicate buttons are unavailable in the Principal List and Policy List panels. Without the inquiry privilege, you cannot modify or duplicate a principal or policy. Also, with the Modify button unavailable, you cannot modify a principal's password, even if you have the change password privilege. |
| l (list) | The lists of principals and policies in the List panels are unavailable. Without the list privilege, you must use the Name field in the List panels to specify the principal or policy that you want to manipulate. |
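
The dependencies in Table 10–6 matter when you plan a least-privilege admin principal: an action in the SEAM Tool can need more than one privilege. The following Python sketch is an added example, not part of the original guide or of the SEAM Tool. It encodes only the rules in the table, and the action names and the convention of passing granted privileges as a string of letters are assumptions made for illustration.

```python
# Added example: models Table 10-6 only; not SEAM Tool or Sun code.
# Privilege letters come from the table; action names are hypothetical.
VALID = set("admcil")

# Every privilege the table says a SEAM Tool action depends on.
REQUIRES = {
    "create": {"a"},                    # Create New button
    "duplicate": {"a", "i"},            # Duplicate button needs add and inquiry
    "delete": {"d"},                    # Delete button
    "modify": {"m", "i"},               # Modify button needs modify and inquiry
    "change_password": {"c", "m", "i"}, # Password field plus a usable Modify button
    "browse_list": {"l"},               # otherwise the Name field must be used
}

def seam_capabilities(granted):
    """Map each action to True/False for a string of granted privilege letters."""
    privs = set(granted)
    unknown = privs - VALID
    if unknown:
        raise ValueError("unknown privilege letters: " + "".join(sorted(unknown)))
    return {action: needed <= privs for action, needed in REQUIRES.items()}

def missing_for(granted, action):
    """Privileges still required before the action works in the SEAM Tool."""
    return sorted(REQUIRES[action] - set(granted))

def surplus(granted, intended_actions):
    """Granted privileges that none of the intended actions require."""
    needed = set().union(*(REQUIRES[a] for a in intended_actions))
    return sorted(set(granted) - needed)

if __name__ == "__main__":
    # Constructed scenario: a principal meant only to reset passwords.
    for granted in ("c", "cmi", "admcil"):
        caps = seam_capabilities(granted)
        usable = sorted(a for a, ok in caps.items() if ok)
        print(f"{granted:7} usable={usable}")
        print(f"{'':7} still needed for change_password="
              f"{missing_for(granted, 'change_password')}")
        print(f"{'':7} surplus for password resets="
              f"{surplus(granted, ['change_password'])}")
```

Granting only the change password privilege leaves the Password field unusable in the SEAM Tool, so a password-reset principal needs c, m and i; anything beyond that set is reported as surplus.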