User roles
IBM® Security Guardium® Key Lifecycle Manager provides
a super user (klmSecurityOfficer
and klmGUICLIAccessGroup
)
role and the means to specify more limited administrative roles to
meet the needs of your organization. By default, the SKLMAdmin
user
ID has the klmSecurityOfficer
role.
For backup and restore tasks, IBM Security Guardium Key Lifecycle Manager also
installs the klmBackupRestoreGroup
to which no user
IDs initially belong. Installing IBM Security Guardium Key Lifecycle Manager creates
predefined administrator, operator, and auditor groups to manage LTO tape drives.
Before you begin, complete the following tasks:
- Determine the limits on device administration that your organization
requires.
For example, you might determine that a specific device group has its own administration.
- Estimate how many administrative users might be needed over an
interval of time. For ease of use, consider specifying a group and
a role to specify their tasks.
For example, you might specify a group that has a limited range of permissions to manage only 3592 tape drives.