AX2591

Security subsystems

Security subsystems allow you to define groups of users to be managed as a distinct "subset" of users within the system. Using subsystems, you can:

• Define a group of users to belong to the subsystem and be limited to a certain maximum level of permissions. When you create a subsystem, you are essentially drawing a permissions boundary that users who belong to the subsystem cannot cross.

• Assign one or more subsystem administrators who can manage security for the users that belong to the subsystem. This allows you to give certain users the right to manage other users' permissions, without needing to grant them full administrator rights or even full security administration rights.

Subsystems are not an alternative to roles. Roles grant permissions as a group; roles cannot be used to deny permissions or to grant user management rights. Subsystems are intended for situations where you need to create independently-managed user groups that work within the same system but only need access to specific defined areas of that system. Roles can then be used to grant permissions within the limits of the subsystem.

NOTE: Subsystems are optional in systems without installed products. Subsystem features are only available if you have enabled them using the system configuration settings.