Defining administrative permissions, Workgroup manager basics, 150 workgroup manager basics – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

Page 150

Advertising
background image

Server Admin updates to reflect what operations are possible for a user’s permissions.
For example, some services are hidden or the Settings pane is dimmed when you can
only monitor that service.

Because the feature is enforced on the server side, the permissions also impact the
usage of serveradmin, dscl, dsimport, and pwpolicy command-line tools because these
tools are limited to the permissions configured for the administrator in use.

Defining Administrative Permissions

You can decide if a user or group can monitor or administer a server or service
without giving them the full power of a UNIX administrative user. Assigning effective
permissions to users creates a tiered administration, where some but not all
administrative duties can be carried out by designated individuals.

To assign permissions:

1

Open Server Admin.

2

Select a server, click the Settings button in the toolbar, and then click the Access tab.

3

Click the Administrators tab.

4

Select whether to define administrative permissions for all services on the server or for

select services.

5

If you define permissions by service, select the related checkbox for each service you

want to turn on.
If you define permissions by service, be sure to assign administrators to all the active
services on the server.

6

Click the Add (+) button to add a user or group from the users and group window.

To remove administrative permissions, select a user or group and click the Remove (-)
button.

7

For each user or group, select the permissions level next to the user or group name.

You can choose Monitor or Administer.
The capabilities of Server Admin to administer the server are limited by this setting
when the server is added to the Server list.

Workgroup Manager Basics

You use Workgroup Manager to administer the following accounts: user accounts,
group accounts, and computer lists. You also use it to set preferences for Mac OS X
user accounts, group accounts, computers, and to access the Inspector, an advanced
feature that lets you do raw editing of Open Directory entries.

150

Chapter 7

Ongoing System Management

Advertising
See also other documents in the category Apple Software: