Use the kadminl_ui window to assign
administrative permissions to users. When a principal is assigned
administrative permissions, the principal and its permissions are
saved to the admin_acl_file located on the
primary security server.
We recommend the convention of adding a principal with the
instance /admin to identify a principal who
is an administrator. The user's /admin instance
should have a different password than other instances, thus providing
additional security during administrative tasks. Users signing on
to kadmin_ui to perform administrative tasks
must log in with the admin principal. For example, user/admin@REALM.
To
set administrative permissions |
 |
In the kadminl_ui window,
choose the Principals tab and select the realm
where the principal resides.
Find the principal to be assigned
administrative permissions and then click Edit. The Principal Information window
appears. See “Finding
a Principal” on
how to search for a principal.
From the Edit menu, select Edit Administrative Permissions.
The Administrative Permissions window appears.
Select the appropriate permissions
for the principal. The principal may be assigned permissions for
all realms or just for the realm where the principal resides.
To enable a principal to run the Administrator program,
the principal must have the Inquire About Principals
permission enabled.
Click OK to save the permissions to admin_acl_file.
Printable version
