DELEGATE administrator permissions : By assigning specific security management permissions to an administrator's user account, you can delegate various security management activities to that administrator. For example, you could set up an administrator for a security domain group (such as a regional or local office) who would only have the ability to reset passwords for that group.

If there are child groups under a parent group, the administrator can delegate an administrator for each child group as well.

Administrators do not have to be members of groups for which they PERFORM administrative tasks. By default, only the Super Administrator has Read and Write access to objects in the system. Delegating administration responsibilities to a user on a security domain, does not AUTOMATICALLY grant Read and Write access to objects under the corresponding entity.

You can only assign those permissions that you have to other administrators.

If you disassociate an administrator from a security domain or organizational group, all user management privileges (such as manage USERS, lock/unlock users, reset passwords, enable/disable users, assign roles) are retained by that administrator and are not revoked.

Example

You WANT to designate Mary Smith as an administrator who can reset passwords for any users in the Boston Sales Office. You would navigate to the Boston Sales Office entity group detail page and assign the Reset Password permission to Mary Smith’s user account.

If there are multiple child groups under the Boston Sales Office entity group, Mary Smith could delegate an administrator for each child group. She would only be able to assign the Reset Password permission to another administrator.

Delegate administrator permissions : By assigning specific security management permissions to an administrator's user account, you can delegate various security management activities to that administrator. For example, you could set up an administrator for a security domain group (such as a regional or local office) who would only have the ability to reset passwords for that group.

If there are child groups under a parent group, the administrator can delegate an administrator for each child group as well.

Administrators do not have to be members of groups for which they perform administrative tasks. By default, only the Super Administrator has Read and Write access to objects in the system. Delegating administration responsibilities to a user on a security domain, does not automatically grant Read and Write access to objects under the corresponding entity.

You can only assign those permissions that you have to other administrators.

If you disassociate an administrator from a security domain or organizational group, all user management privileges (such as manage users, lock/unlock users, reset passwords, enable/disable users, assign roles) are retained by that administrator and are not revoked.

Example

You want to designate Mary Smith as an administrator who can reset passwords for any users in the Boston Sales Office. You would navigate to the Boston Sales Office entity group detail page and assign the Reset Password permission to Mary Smith’s user account.

If there are multiple child groups under the Boston Sales Office entity group, Mary Smith could delegate an administrator for each child group. She would only be able to assign the Reset Password permission to another administrator.