User roles

IBM® Security Guardium® Key Lifecycle Manager provides a super user (klmSecurityOfficer and klmGUICLIAccessGroup) role and the means to specify more limited administrative roles to meet the needs of your organization. By default, the SKLMAdmin user ID has the klmSecurityOfficer role.

For backup and restore tasks, IBM Security Guardium Key Lifecycle Manager also installs the klmBackupRestoreGroup to which no user IDs initially belong. Installing IBM Security Guardium Key Lifecycle Manager creates predefined administrator, operator, and auditor groups to manage LTO tape drives.

Before you begin, complete the following tasks:

  • Determine the limits on device administration that your organization requires.

    For example, you might determine that a specific device group has its own administration.

  • Estimate how many administrative users might be needed over an interval of time. For ease of use, consider specifying a group and a role to specify their tasks.

    For example, you might specify a group that has a limited range of permissions to manage only 3592 tape drives.