Administrator Permissions

Administrators are a special class of users that can manage the EMS server. Administrators create, modify, and delete users, destinations, routes, factories, and other items. In general, administrators must be granted permission to perform administration activities when using the Administration Tool or administration API. Administrators can be granted global permissions (for example, permission to create users or to view all queues), and administrators can be granted permissions to perform operations on specific destinations (for example, purging a queue, or viewing properties for a particular topic).

Warning: Administrator permissions control what administrators can view and change in the server only when using the Administration Tool or administration API. Administrator commands create entries in each of the configuration files (for example, tibemsd.conf, acl.conf, routes.conf, and so on).

You should control access to the configuration files so that only certain system administrators can view or modify the configuration files. If a user can view or modify the configuration files, setting permissions to control which destination that user can manage would not be enforced when the user manually edits the files.

Use the facilities provided by your Operating System to control access to the server’s configuration files.

Administrators must be created using the administration tool, the administration APIs, or in the configuration files.