Difference between Super User and Sysadmin


Most of the budding Documentum developers get confused about the differences between a Super User and a Sysadmin. Though I had mentioned these points on my Documentum Security notes PDF file, I feel this needs a separate entry here. So just listing few important privileges of Sysadmin and Super User here. This list is not exhaustive but I guess I have most of it here, if you feel that I missed some important please feel free to add it as a comment.

Sysadmin

  • Create, alter, and drop users and groups
  • Create, modify, and delete system-level ACLs
  • Grant and revoke Create Type, Create Cabinet, and Create Group privileges
  • Create types, cabinets, and printers
  • Manipulate workflows or work items, regardless of ownership
  • Manage any object’s lifecycle
  • Set the a_full_text attribute

 The Sysadmin privilege does not override object-level permissions

 Super User

  • Perform all the functions of a user with Sysadmin privileges
  • Unlock objects in the repository
  • Modify or drop another user’s user-defined object type
  • Create subtypes that have no supertype
  • Register and unregister another user’s tables
  • Select from any underlying RDBMS table regardless of whether it is registered or not
  • Modify or remove another user’s groups or private ACLs
  • Create, modify, or remove system ACLs
  • Grant and revoke Superuser and Sysadmin privileges
  • Grant and revoke extended privileges
  • View audit trail entries

Download this Study Note (PDF)

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s