The property screens for a security manager definition can be used for adding, editing and deleting user, group and resource definitions held in the associated external security manager (ESM), and for specifying resource permissions. This functionality is dependent on the ESM module, with which you connect to the ESM, providing support, and on the ESM honouring the requests submitted through these screens. Where such support is not available, users, groups and resources must be managed through the tools provided with your external security manager. Please check the documentation provided with your ESM module for details.
In addition to the conditions listed above, the security manager definition must be included in the security manager list that is used by MF Directory Server. See To add a security manager to the Directory server's security manager list or, if MF Directory Server is using the Default ES Security configuration, To add a Security Manager to the Default ES Security Manager List.
For information about the entry fields, please refer to the page help for the screen.
The permissions are displayed in an inverted tree structure. Those on lower branches include the permissions on the branches from which they descend. For example, the permission to restore a repository includes the permission to import a repository. Therefore, restore is shown as a descendant of import.
When you grant a particular permission, any permissions that it includes are automatically granted. Hence, when you check the Restore Repository permission, the Import Repository permission is automatically checked as well.
Where a check box for a permission is greyed out, it indicates that the permission is included by other permissions that have been granted to the group. To revoke a permission that is included by others, you must first revoke those other permissions.