Environment
Novell SecureLogin 6.0
Novell SecureLogin 6.1
Situation
Multiple SecureLogin administrators need access to only certain areas.
Resolution
The following are important to consider when determining ASL administration privileges:
1. Anyone administering SSO data must have rights to read/write data to the 6 protocom attributes on the particular object (e.g. OU, Group Policy, or User).
2. In addition to directory ACL’s, anyone administering SSO data must have NSL preferences set to allow them to perform the desired tasks. The following preferences should be set to Yes
- Allow users to view and modify application definitions (scripts)
- Allow users to view and modify preferences
- Allow users to view and modify names of applications and credential sets
Additional Information
Even if Directory administrators have Supervisor rights to the Directory, they will not be able to administer SecureLogin SSO data without the above preferences set to Yes.
Similarly, if SSO administrators have the appropriate NSL preferences set, they still require ACL’s at the Directory level to administer SSO data.