User roles

IBM Guardium Key Lifecycle Manager provides a super user (klmSecurityOfficer and klmGUICLIAccessGroup) role and the means to specify more limited administrative roles to meet the needs of your organization. By default, the SKLMAdmin user ID has the klmSecurityOfficer role.

For backup and restore tasks, IBM Guardium Key Lifecycle Manager also installs the klmBackupRestoreGroup to which no user IDs initially belong. Installing IBM Guardium Key Lifecycle Manager creates predefined administrator, operator, and auditor groups to manage LTO tape drives.

Before you begin, complete the following tasks:

• Determine the limits on device administration that your organization requires.

  For example, you might determine that a specific endpoint has its own administration.

• Estimate how many administrative users might be needed over an interval of time. For ease of use, consider specifying a group and a role to specify their tasks.

  For example, you might specify a group that has a limited range of permissions to manage only 3592 tape drives.