As the owner of a BCDE server I'd like to be able to keep the option for certain authentication methods available on my server, but make sure they are not able to be generally assigned out by the system administrators.
|
Practical use of functionality?
A server owner would like to allow certain user accounts used for testing to be able to use the "local login" authentication method. However, in general they would like their system users to use IMS for authentication. They don't want their system administrators to be able to assign the "local login" authentication method to users on creation. |
|
|
What is the impact of not doing this?
System owners need to perform regular checks on the authentication methods set on all users to make sure none have been assigned an inappropriate authentication method. |
Is this a requirement to separate out User Administration capabilities from the broader system administration capabilities?
The user administrator would be able to create a user account BUT they would not be able to choose the authentication method.
The system administrator would be able to set the "standard" authentication method and also to choose the authentication method when creating a user.