This appendix lists the minimum administrative rights that must be granted to specific Logon Manager objects for Logon Manager to function.
Note:
Information in this appendix is provided for your reference. By default, Logon Manager automatically sets the appropriate rights when you extend your repository schema. If necessary, these rights can be manually granted and modified directly in the repository.
You must grant the following administrative rights to each container in which you want Logon Manager to store templates, policies, and other configuration items:
List Contents
Read All Properties
Write All Properties
Delete
Read Permissions
Modify Permissions
Modify Owner
Create vGOConfig Objects
Delete vGOConfig Objects
Create Organizational Unit Objects
Delete Organizational Unit Objects
You must grant the following administrative rights to vGOUserData and vGOSecret objects to audit user credentials:
For vGOUserData objects:
List Contents
Read All Properties
For vGOSecret objects:
List Contents
Read All Properties
You must grant the following administrative rights to vGOUserData and vGOSecret objects in order to delete user credentials:
Note:
Users able to delete credentials are automatically able to audit them.
For vGOUserData objects:
List Contents
Read All Properties
Delete
Delete Subtree
Delete All Child Objects
For vGOSecret objects:
List Contents
Read All Properties
Delete
Delete Subtree
Delete All Child Objects