iv-admin group

Under the default policy, members of the iv-admin group are considered administrators of the domain. To assign a user to an administration role, add the user to the iv-admin group. Note that, with the default ACLs in place, a user who becomes a member of this group immediately has full rights to perform administration operations on any object in the protected object space.

When the policy server is configured, the administrator user (sec_master) is created and added to the iv-admin group. It is the combination of group memberships that grants sec_master complete rights for all operations within the management domain, but only within the default policy. The sec_master user does not have rights to new groups created outside of the default policy unless it is added as a user or as a member of a group.
