Multiple administrators can change specific parts of the server through distributed administration.
The default Directory Service must be an LDAP-based directory service for distributed administration to work.
With distributed administration there are two levels of users:
superuser is the user listed in the server_root/https-admserv/config/admpw file. This is the user name (and password) you specified during installation. This user has full access to all forms in the Administration Server, except the Users & Groups forms, which depend on whether or not the superuser has a valid account in an LDAP server such as the Sun Java System Directory Server.
administrators go directly to the Server Manager forms for a specific server, including the Administration Server. The forms they see depend on the access control rules set up for them (usually done by the superuser). Administrators can perform limited administrative tasks and can make changes that affect other users, such as adding users or modifying access control.
For more information on access control, see What Is Access Control?.
Before you can enable distributed administration, you must install a Directory Server. For more information, see the Sun Java System Web Server 6.1 SP6 Installation and Migration Guide and the Sun Java System Directory Server Administrator’s Guide.
Access the Administration Server.
Once you have installed a Directory Server, you might need to create an administration group, if you have not created it.
To create a group, perform the following steps:
Choose the Users & Groups tab.
Click the New Group link.
Create an “administrators” group in the LDAP directory and add the names of the users who have permission to configure the Administration Server, or any of the servers installed in its server root. All users in the “administrators” group have full access to the Administration Server, but you can use access control to limit the servers and forms they are allowed to configure.
Once you create an access-control list, the distributed administration group is added to that list. If you change the name of the “administrators” group, you must manually edit the access-control list to change the group it references.
Choose the Preferences tab.
Click the Distributed Admin link.
Make the necessary changes and click OK.
For more information, see the Distributed Administration page in the online help.