Suppose an InTrust administrator creates a task that generates reports on superuser access to Linux hosts. Only users from the Linux01 group can view and modify this reporting task. When a user from the Linux01 group opens InTrust Manager, only the Tasks node and the prepared task with the reporting job are available.
To implement this scenario, be sure to do all of the following:
During InTrust installation, the following groups are created on the InTrust server:
In addition, access to InTrust configuration is controlled by the following:
These settings are closely related to the role-based administration capabilities of InTrust, that is, help to control who has access to which InTrust objects. Role-based administration feature is disabled by default after the installation. For more information about enabling and using this feature, see the Role-Based Administration of InTrust topic.
InTrust organization administrators are members of a special list maintained in the InTrust configuration database. Accounts included in this list can do the following:
When you install the first InTrust server in the organization, the following accounts automatically become members of this list:
Before you install subsequent servers, you should add all the accounts you are going to use for setup to this list. For that, in InTrust Manager, open the properties of the root node and use the Add and Remove buttons to edit the list.
Caution: If you configured non-dbo accounts to access InTrust databases (as described in the Providing Database Access topic), make sure that the corresponding group is included in the list of InTrust organization administrators.