In our previous UserApp installation, we used the 'root administrator'
as the Identity Vault Administrator in the UserApp config. We're trying
to move away from using this user towards using separate admin users
with more restricted rights where possible. We've been struggling to
find much in the way of documentation regarding exactly what rights the
'Identity Vault Administrator' requires - the most we've found is table
5-3 in 'section 5.1.3 of the UserApp Admin Guide',
which simply says:
> If you specify some other user, you need to assign inheritable trustee
> rights to the properties [All Attributes Rights] and [Entry Rights] on
> your User Application driver.

We interpreted this as granting inheritable supervisor rights to the
above properties on the UserApp driver object (which seems quite
straightforward), however this does not in fact appear to be sufficient.
Has anyone else done this (we would be surprised if not) and, if so,
what additional rights need to be granted? Supervisor rights to the
entire tree would be something that we would like to avoid if

Many thanks for any help or advice you can provide,

ChrisReeves