Show TOC Anfang des Inhaltsbereichs

Hintergrunddokumentation Types of User Administrator  Dokument im Navigationsbaum lokalisieren

Use

In delegated administration, we distinguish between overall user administrators and delegated user administrators:

      Overall User Administrators can add, modify and delete users of all companies. They can create and administer delegated user administrators and assign them appropriate roles and permissions. In addition the following tasks can only be performed by an overall user administrator:

       Group management

       Role management with permissions to assign all roles to all users and groups

       User mapping

       Import and export of user data

       UME configuration

       Consistency check and repair tools

In the portal, overall user administrators are all administrators who are assigned to the Super Administration or User Administration role. In all other cases, overall user administrators must belong to a role to which the UME.Manage_All action is assigned.

      Delegated User Administrators can add, modify and delete users that belong to the same company as the delegated user administrator. When they search for users, only users in their company are displayed. They cannot perform any actions involving groups.

Hinweis

In the portal, delegated user administrators can only assign roles to their company users. They cannot assign roles to groups. They can only assign portal roles for which they have the Role Assigner permission. They do not need to have any Administrator or End User permissions for the role. For more information about the Role Assigner permission, see Permission Levels.

In the portal, delegated user administrators are all administrators who are assigned to the Delegated User Admin role. In all other cases, delegated user administrators must belong to a role to which the UME.Manage_Users action is assigned.

You can also create a delegate password administrator by assigning the action UME.Manage_User_Passwords.

Achtung

Do not assign the UME.Manage_Roles action to a delegated user administrator. This action allows users to assign roles using the UME Web-based tool. Since the Web-based tool does not check for the Role Assigner portal-permission, users can assign themselves any role if they have the UME.Manage_Roles action. For example, a delegated user administrator could assign him or herself the Administrator role and would then have full administrator authorizations.

Constraints

      Each user can only belong to one company. This means that each delegated user administrator can only belong to one company as well, therefore he or she cannot administer more than one company.

      It is not possible to have a hierarchy of companies. As a result, you cannot have a hierarchy of user administrators.

Ende des Inhaltsbereichs