AX2592

About subsystem admins

When a user is assigned as a subsystem admin, that user can access security to manage users and roles that belong to the subsystem.

Subsystem admins are not admin-level users. The behavior is similar to being granted the Administer Security permission, except that the subsystem admin can only work with users and roles within the subsystem.

Subsystem admins can do the following:

• Create, edit, and delete users and roles within the subsystem.

• Assign roles to users in the subsystem. The users can be assigned to subsystem-specific roles or to "global" roles (roles that do not belong to any subsystem).

• Remove locks held by users in the subsystem. This applies to document and table locks, and save data locks, where the subsystem admin has some level of access to the locked item.

• Use Log in as selected user to test the permissions of any user in the subsystem by logging in as that user.

  NOTE: NOTE: If a system admin is assigned to the subsystem, the subsystem admin cannot log in as that user.

Subsystem admins cannot edit the subsystem settings, except to assign users and roles to the subsystem. It is assumed that the subsystem is created by a system admin (or delivered as part of an installed product), and then the subsystem admin manages the users and roles within that predefined framework.

The subsystem admin can be any user. The subsystem admin may belong to the subsystem as a user if preferred, but that is not a requirement. If the subsystem admin is also a member of the subsystem, then the subsystem admin can edit his or her own user permissions, but overall those permissions are restricted by the limits of the subsystem.