Creating System Administrator Policies

A System Administrator Policy controls access to forms in the System Administration Tool. When you create a policy, you set permissions that grant Read or Read/Write access to forms. You can also Deny access to forms, which hides them from the user.

Policies are assigned to users (one per user only) in the User Authorization Profiles form and distributed to all cluster elements by SDS.

There are four default policies—ROOT, SYSTEM, NO ACCESS, and REMOTE—each with different levels of access as described in the following table:

| Level | Form Access Allowed | Permissions Granted |
|---|---|---|
| ROOT Administrator (equivalent to the SDS Administrator in 7.x and earlier releases) | All. | Read/Write |
| SYSTEM Administrator | All except: System Administrator Policy Configuration; User Authorization Profile; Shared Forms Configuration form | System Administrator Policy Configuration: Deny; User Authorization Profile: Read; All others: Read/Write |
| REMOTE System Management | Same as System Administrator except for the following IP networking forms: System IP Configuration form (for all nodes); IP Routing form (for CXi and MXe); All forms in the Internet Gateway branch (for CXi and MXe); All forms in the Firewall branch (for CXi and MXe) | IP Networking: Deny; All others: Read/Write |
| NO ACCESS | TBD | TBD |

There is a need for a new System Access Policy named 'No Access'. This will be added as a default policy that can't be deleted. The Info view for this policy will display 'No Access', but the members of the policy may be changed.

As well, this form will now contain a 'Change' button. User-defined policies will be permitted to have their names changed, although the system-defined policies may not; attempts to change their names will be rejected.

To create a new System Administrator policy:

  1. Log in as a Root Administrator.

  2. In the System Administrator Policy Configuration form, click Add.

  3. Type a name for the policy, up to 25 alphanumeric characters.

  4. Select a Default Access Type. This sets the permissions on all forms, which you can change for individual forms; see below for instructions.
    By default, all forms are Read/Write.

  5. Click Save.

To change the access type for individual forms:

  1. Select a form from the Policy Members area.

  2. Click Change Member.
    Select an Access Type.

  3. Click OK.

Change Page Members and Change All Members allow you to change the access type for currently listed forms only, or for all forms. To assign a System Administrator policy to a user, see Assigning Administrators.