From: Seonman K. <seo...@jp...> - 2005-01-20 09:48:34
|
Hi, I have tried to test administrator privileges by creating a new Administrator group, and add an administrator to that group. What I did for this is like below: - Add "RAAdmin" group, and set Access rule as "RA Administrators". And I selected the following privileges as follows: - Authorized CA: AdminCA1 (the root admin CA) - End Entity Rules: all six end entity rules: (View End Entities, View History, Create End Entities, Edit End Entities, Delete End Entities, Revoke End Entities) - End Entity Profiles: select EMPTY (this is the default end entity profile for AdminCA1) - Other rules: no selection. And, press "Save" button. Now then, add a "raadmin1" administrator with administrator flag on, and add "raadmin1" to RAAdmin administrator group. After batch process, I got raadmin1's certificate. I installed it in my browser. To test, I access the EJBCA admin page as "raadmin1" user. I got the menu of: - Home - Add End Entity - List/Edit End Entities - My Preferences It's OK until now, but when I click "Add End Entity", I got "Authorization Denied, No create rigits to any end entity profiles". This is weird, because I enabled all the "End entity rules" to the RAAdmin group. Another weird thing is: when I try to List End Entities, I got always "No end entities found". (I tried the things above as superadmin, and all of those worked fine.) Could you please check this problem? Regards, Seonman Kim |