Novell ZENworks 7 Linux Management - ZLM7
Idiosyncrasy's of zlman that may not be readily apparent from reading: man zlman pages, zlman --help , and ZLM documentation.
In ZENworks Control Center (ZCC) > Configuration > Administrators > <select-a-user> , enabling 'Can Create and Manage Other Administrators' of an 'administrator' user can be done by logging into ZCC with the 'Administrator' account only. Enabling 'Can Create and Manage Other Administrators' can be done with zlman by an 'administrator' user to another 'administrator' user after an 'administrator' user has been granted 'Can Create and Manage Other Administrators' rights by the 'Administrator' first? If an attempt is made to grant rights (ara ) before 'Can Create and Manage Other Administrators' by the 'Administrator' have been given (in ZCC or zlman ), the error is: 'Fatal Error: An error occurred while trying to modify the administrator's rights.'
A. To assign create rights, use admin-rights-assign (ara)
zlman ara -c/-m/-v/-n "<user_name>" -a /
This command will give the privilege's to the 'administrator' user. Use 'Administrator' and password to assign the create rights to the first 'administrator' account.
zlman ara -c "user1" -a / (note the space between the a and /)
zlman ara -m "user1" -a / -U <user> -P <pw>
"/" = the path /administrators.
Without the "/" after the -a , the error is: 'Fatal Error: Object not found:'
Similarly, for -b switch "/" refers to /Bundles . This way rights can assigned to the user for each container.
B. To verify the rights were assigned use admin-rights-get (arg) : zlman arg -U <user> -P <pw> -a "user"
For the purpose of this TID:
'Administrator' = user with all rights that is installed during ZLM installation.
'administrator' = users created and listed in ZCC > Configuration > Administrators. The ZLM installed 'Administrator' is not listed.
Primary zlman help is: man zlman .
zlman --help or zlman <command> --help is also available.
ZLM 7.x documentation (www.novell.com/documentation) also contains zlman usage and help information.
Functionalities that are 'Working As Designed' (WAD):
'administrator' users cannot enable / disable the settings 'Can Create and Manage Other Administrators' and 'Can Modify Zone Settings' in ZCC > Configuration > Administrator list > <select-a-user> , only the 'Administrator' user can do this. The create rights (zlman ara -c ) can be assigned with zlman by 'administrator' users to other 'administrator' users, but cannot be given in ZCC by 'administrator' users.
Also, 'administrator' users can only give rights at the folder level. For example, there is a bundle named test1 and bundle folder named folder1 under ZCC > Bundles . 'administrator' users can assign rights only to the folder (folder1 ), but cannot assign rights to individual bundle (test1 ).
The zlman ara -m switch denotes modify specific object (folder). The zlman ara -m switch is not for 'Can Modify Zone Settings' so 'Can Modify Zone Settings' will not be check marked after using zlman ara -m . There is no zlman switch for 'Can Modify Zone Settings' , meaning this can only be set in ZCC with the 'Administrator' user created during the ZLM install.
To reiterate, what can be done with zlman ara -c from the command-line, cannot be done in ZCC by the 'administrator' user. The 'administrator' users are limited in ZCC after given -c (create) rights, they still cannot enable / disable the settings: 'Can Create and Manage Other Administrators' and 'Can Modify Zone Settings' . Only the 'Administrator' created with the ZLM install can do that.
Backups per ZLM documentation are recommended.