Deciding the value of AdminGranularControl
Use the following decision table to determine the value of AdminGranularControl in Table 1.
The AdminGranularControl variable determines whether
the IKYSETUP exec creates profiles to control the additional administrative
function access controls described in Using the PKISERV class to control access to administrative functions.
Note: The AdminGranularControl parameter
in pkiserv.conf determines whether the additional
administrative function access controls described in Using the PKISERV class to control access to administrative functions are enabled.
If … | Then … | Notes |
---|---|---|
You do not want to restrict certain administrative functions to certain PKI Services administrators and the value of the AdminGranularControl variable in pkiserv.conf is F ... | Do not change the default of AdminGranularControl = 0. | |
You want to restrict certain administrative functions to certain PKI Services administrators and the value of the AdminGranularControl variable in pkiserv.conf is T ... | Set AdminGranularControl = 1 . | You must also modify the pkigroup1_mem and
possibly pkigroup2_mem array variables to specify
the number of PKI Services administrators that are to be given access
to administrative functions and their user IDs. Depending on the
controls that you want to set, the number of PKI Services administrators,
and the templates configured for the system, you might also need to
add templatex, pkigroupx, pki_gidx, pkigroupx_mem,
and actionsx variables to the
IKYSETUP exec. For more information about granular control of administrator functions, see Using the PKISERV class to control access to administrative functions. |