USERS > Admin Privileges (tab)

The USERS > Admin Privileges tab allows you to inspect and modify the administrative privileges assigned to the selected user (see Administrative privileges).

Editing administrative privileges

In edit mode, select the checkboxes of the administrative privileges that you want to assign to the user, or clear the ones that you want to remove. If you select an administrative privilege that has prerequisite privileges, the privileges it depends on are automatically selected as well. Removing an administrative privilege by clearing its checkbox also automatically removes any other privileges that depend on it.

Some administrative privileges may not have checkboxes. A red 'X' means that the privilege is not assigned to the user, and you cannot assign it. A green check mark means that the privilege is assigned (and you cannot unassign it).

You can only assign and unassign privileges that are also assigned to you.

Copying admin privileges

Instead of manually assigning privileges to the user, you can also copy privileges from another user.

Domain scope

In ODBC, there are two types of administrators:

  • Global administrators are not restricted by domain, and can read and/or write data regardless of the domain to which the data belongs. Global administrator accounts are created in the master domain, and the administrative privileges assigned to them apply throughout all domains.
  • Delegated administrators are administrators created in domains other than master. Their administrative privileges only extend to their respective domain scopes.

When you edit the privileges of a delegated administrator, you can edit the domain scope for delegated administration. All administrative privileges extend to all domains within an administrator's domain scope.

To edit an administrator's domain scope, switch to edit mode, then switch to the Admin Privileges page. Select the domain items to move them between the list panels in the Domain Scope section. The domains in the right list define the domain scope for the administrator account.

The following rules apply to editing domain scopes:

  • Delegated administrators cannot edit their own domain scope.
  • Delegated administrators can only assign domains within their own domain scope to another delegated administrator. A global administrator, on the other hand, can assign any domain to another delegated administrator.
  • Only the domain scope of delegated administrators can be edited.

For more information about ODBC administrators and domain scopes, refer to the OneSpan Authentication Server Administrator Guide.
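
The domain scope rules above, together with the rule that you can only assign and unassign privileges that are also assigned to you, can be modelled as a check that runs before a change is accepted. This is an added illustration, not OneSpan Authentication Server code; the `Admin` class, the function names, and the sample domains and privilege names are constructed for the example.

```python
# Added illustration of the delegation rules on this page.
# Hypothetical model: names and sample data are constructed, not product code.
from dataclasses import dataclass, field

MASTER = "master"  # global administrators are created in the master domain


@dataclass
class Admin:
    name: str
    home_domain: str
    privileges: set = field(default_factory=set)
    domain_scope: set = field(default_factory=set)  # used by delegated admins only

    @property
    def is_global(self):
        return self.home_domain == MASTER


def check_scope_change(actor, target, new_scope):
    """Return the list of violated rules; an empty list means the edit is allowed."""
    errors = []
    if target.is_global:
        errors.append("only the domain scope of delegated administrators can be edited")
    if not actor.is_global:
        if actor.name == target.name:
            errors.append("delegated administrators cannot edit their own domain scope")
        # Domains newly granted to the target must lie inside the actor's own scope.
        added = set(new_scope) - target.domain_scope
        outside = sorted(added - actor.domain_scope)
        if outside:
            errors.append("domains outside the actor's scope: " + ", ".join(outside))
    return errors


def check_privilege_change(actor, changed):
    """Return the privileges the actor may not assign or unassign (not held by the actor)."""
    return sorted(set(changed) - actor.privileges)


# Constructed sample administrators.
root = Admin("root", MASTER, {"view_user", "update_user"})
alice = Admin("alice", "emea", {"view_user"}, {"emea", "emea-retail"})
bob = Admin("bob", "emea-retail", {"view_user"}, {"emea-retail"})

if __name__ == "__main__":
    print(check_scope_change(alice, bob, {"emea-retail", "apac"}))
    print(check_privilege_change(alice, {"view_user", "update_user"}))
```
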