An administrator domain (admin domain) identifies a subsidiary part of an organization as a separate entity. The entity has its own policies, services, and access control items. The entity also has an administrator whose actions and views are restricted to that domain.
Domain administrators can do only the administrative tasks on their domains. They cannot do system configuration tasks, which are configuration settings that affect the entire system.
An admin domain is considered a type of organization node. To add, change or delete admin domains, complete the steps for adding, changing, or deleting a node in an organization tree.
You can specify an IBM® Security Privileged Identity Manager user as the administrator of an admin domain. Enter the IBM Security Privileged Identity Manager user in the administrator field. The assignment is confirmed. Then, the IBM Security Privileged Identity Manager user is granted the appropriate privileges (access control items, or ACIs) to do administration tasks in that domain.
Any IBM Security Privileged Identity Manager user who can add, modify, or delete an admin domain can also specify the administrator for the admin domain. This user is either an IBM Security Privileged Identity Manager administrator or an IBM Security Privileged Identity Manager user. The user has rights to add, modify, or delete an admin domain through ACIs.