Secure Access User Interface Permissions

Secure Access administrative user interface has its own security settings. You can specify permissions for particular users (administrators or developers) so that they can manage only particular sections, such as users, applications, auditing log, etc. The following table contains description of those permissions:

Secure Access Administrative User Interface Permissions

Application part	Permissions
Applications (including management of application parts, permission types, roles and permission matrix)	Read - Can read all information in the application management. Change - Can modify all information in the application management. Create - Can create new items in the application management. Delete - Can delete all information in the application management. Manage Permissions - Can manage permissions for all applications and delegate administration of permissions and role members.
Auditing Log	Read - Can read all log records. Delete - Can delete all log records.
Catalog Settings	Read - Can read catalog settings. Change - Can modify catalog settings.
Custom Properties Definition	Read - Can read all items. Change - Can modify all items. Create - Can create new items. Delete - Can delete all items.
Organizational Units	Read - Can read all items. Change - Can modify all items. Create - Can create new items. Delete - Can delete all items. Manage Membership - Can manage members and membership of all organizational units and can delegate the administration of members of particular organizational unit.
User Groups	Read - Can read all items. Change - Can modify all items. Create - Can create new items. Delete - Can delete all items. Manage Membership - Can manage members and membership of all user groups and can delegate the administration of members of particular user group.
Users	Read - Can read all items. Change - Can modify all items. Create - Can create new items. Delete - Can delete all items. Manage Membership - Can manage user membership of all users.

There are predefined typical roles for Secure Access administration with following permissions:

Secure Access Roles

Role	Description
Secure Access Administrator	Administrator can manage everything.
Secure Access Application Administrator	Application administrator manages list of applications and their properties, as well as permissions.
Secure Access Auditing Log Administrator	Auditing log administrator can read and delete all auditing log records.
Secure Access Catalog Administrator	Catalog administrator can manage catalog settings.
Secure Access Object Schemas Administrator	Object schemas administrator can manage custom properties for all object types (user, user groups, etc.).
Secure Access Operators Administrator	Operators administrator manages all users, groups and organizational units and their members.
Secure Access Reader	Reader can read all information in the Secure Access catalog but cannot modify them.

Delegation

Delegation feature allows administrators to delegate other users (such as managers or team leaders) manage particular items by themselves. The delegation can be used for management of user group members, organizational unit members, role members and for management of permissions for particular application or application part.

You can modify delegated users in the "Delegated Users" section in user group/role/organizational units/application/application part details dialog.