User types

Content Manager OnDemand provides the ability to centralize or decentralize the administration of the system. Content Manager OnDemand also provides the flexibility to control access to objects from different levels. The most basic level of control is how the user is defined to the system. When a user is added, a user type is specified. Each user type has a different level of authority:
System Administrator
A system administrator has the highest level of authority on the system. A system administrator can perform all tasks on all of the objects that are defined to a Content Manager OnDemand system. The objects are users, groups, applications, application groups, folders, printers, storage sets, and cabinets. The tasks are add, update, delete, copy, export, create a summary, and view properties. A system administrator also has the authority to modify the system parameters.
System Administrator (Read-Only)
A read-only system administrator can log on to the OnDemand Administrator client and the ARSXML batch administration program with read-only access to all Content Manager OnDemand objects. In the OnDemand Administrator client, objects can be viewed and summarized. Add, Update, Delete, Copy, and Export options are not available; Trace Parameters and System Parameters can be viewed but not updated. With ARSXML, all objects can be exported, including Trace Parameters and System Parameters.
Application Group/Folder/Cabinet administrator
An application group/folder/cabinet administrator has the authority to perform all tasks on all of the applications, application groups, folders, and cabinets that are defined to a Content Manager OnDemand system. The tasks are add, update, delete, copy, export, create a summary, and view properties.
Hold Administrator
A user that can add, update, delete, or view hold objects.
User Administrator
A user administrator has the authority to perform all tasks on all of the users that are defined to a Content Manager OnDemand system. The tasks are add, update, delete, copy, export, create a summary, and view properties. Note: A user administrator cannot create or delete a system administrator or an application group/folder/cabinet administrator or change the user type of a system administrator or an application group/folder/cabinet administrator.
User
A user has the lowest level of authority on the system. A user does not have access to any object on the system and therefore, cannot perform any tasks. The user must be given the authority to access an object and to perform a task on the object.
Restriction:

When adding or updating a user, you are not permitted to set the User Type or Authority to a level that exceeds your own. For example, a user with Create Users and Create Groups authority cannot create a user with Create Folders authority.

By default, only the user, the user that created the user, user administrators, and system administrators can view or maintain the user. See the User Permissions page for more information.

Only a system administrator, an application group/folder/cabinet administrator, a user with administrator authority for an application group, or a user with add document permission can store data in an application group.

Only a system administrator, an application group/folder/cabinet administrator, or a user with delete document permission can delete data from an application group.

Users who need to run server commands such as those listed in Command reference or server APIs from QSHELL such as those listed in API and user exit reference need to have QONDADM as the group profile (or a supplemental group) in their IBM® i user profile.