Enforcement of Administrator Permissions

An administrator can only perform actions for which the administrator has been granted permission. Any action that an administrator performs may be limited by the set of permissions granted to that administrator.

For example, an administrator has been granted the view permission on the foo.* destination. This administrator has not been granted the global view-destination permission. The administrator is only able to view destinations that match the foo.* parent destination. If this administrator is granted the global view-acl permission, the administrator is only able to view the access control list for destinations that match the foo.* parent. Any access control lists for other destinations are not displayed when the administrator performs the showacl topic or showacl queue commands.

If the administrative user attempts to execute a command without permission, the user may either receive an error or simply see no output. For example, if the administrator issues the showacl queue bar.foo command, the administrator receives a “Not authorized to execute command” error because the administrator is not authorized to view any destination except those that match foo.*.