Most of the budding Documentum developers get confused about the differences between a Super User and a Sysadmin. Though I had mentioned these points on my Documentum Security notes PDF file, I feel this needs a separate entry here. So just listing few important privileges of Sysadmin and Super User here. This list is not exhaustive but I guess I have most of it here, if you feel that I missed some important please feel free to add it as a comment.
Sysadmin
- Create, alter, and drop users and groups
- Create, modify, and delete system-level ACLs
- Grant and revoke Create Type, Create Cabinet, and Create Group privileges
- Create types, cabinets, and printers
- Manipulate workflows or work items, regardless of ownership
- Manage any object’s lifecycle
- Set the a_full_text attribute
The Sysadmin privilege does not override object-level permissions
Super User
- Perform all the functions of a user with Sysadmin privileges
- Unlock objects in the repository
- Modify or drop another user’s user-defined object type
- Create subtypes that have no supertype
- Register and unregister another user’s tables
- Select from any underlying RDBMS table regardless of whether it is registered or not
- Modify or remove another user’s groups or private ACLs
- Create, modify, or remove system ACLs
- Grant and revoke Superuser and Sysadmin privileges
- Grant and revoke extended privileges
- View audit trail entries
Ajith Prabhakar's Weblog 