IBM Security Privileged Identity Manager, Version 2.1.1

Administrative domains

An administrative domain (admin domain) identifies a subsidiary part of an organization as a separate entity.

Credentials, resources, identity providers, access, and applications are managed under administrative domains.

Domain administrators can do only the administrative tasks on their domains. They cannot do system configuration tasks, which are configuration settings that affect the entire system.

An admin domain is considered a type of organization node. To add, change or delete admin domains, complete the steps for adding, changing, or deleting a node in an organization tree.

You can specify an IBM® Security Privileged Identity Manager user as the administrator of an admin domain. Enter the IBM Security Privileged Identity Manager user in the administrator field, in the administrator console, in the organization tree, for an Admin Domain node. Then, the IBM Security Privileged Identity Manager user is granted the appropriate rights based on access control items (ACI) to do administration tasks in that domain.

Any IBM Security Privileged Identity Manager user who can add, modify, or delete an admin domain can also specify the administrator for the admin domain. This administrator is usually a system administrator. Other users can be given rights to add, modify, or delete an admin domain through ACIs.

Parent topic: Organization administration
Related tasks:
Making a user a domain administrator
Creating a node in an organization tree
Changing a node in an organization tree
Deleting a node in an organization tree

Feedback