Administrator domains
An administrator domain (admin domain) identifies a subsidiary part of an organization as a separate entity. The entity has its own policies, services, and access control items. The entity also has an administrator whose actions and views are restricted to that domain.
Domain administrators can do only the administrative tasks on their domains. They cannot do system configuration tasks, which are configuration settings that affect the entire system.
An admin domain is considered a type of organization node. To add, change or delete admin domains, complete the steps for adding, changing, or deleting a node in an organization tree.
We can specify an Security Identity Manager user as the administrator of an admin domain. Enter the ISIM user in the administrator field. The assignment is confirmed. Then, the ISIM user is granted the appropriate privileges (access control items, or ACIs) to do administration tasks in that domain.
Any Security Identity Manager user who can add, modify, or delete an admin domain can also specify the administrator for the admin domain. This user is either an ISIM admin or an Security Identity Manager user. The user has rights to add, modify, or delete an admin domain through ACIs. Before Security Identity Manager version 5.0, users were not automatically granted rights as the administrator of an admin domain. Instead, ACIs were required to be added manually. With Security Identity Manager version 5.0 and later, the default ACIs automatically grant the domain administrator the rights for administering the admin domain. The domain administrator is a built-in ACI principal.
Parent topic: Organization administration
Related tasks