The separation of access management and system administration duties is new in version 7.0 of Guardium.
There are two predefined users on a Guardium appliance: accessmgr and admin.
accessmgr is the user name assigned to the access manager. By default, the access manager is the only user authorized to manage user accounts and security roles.
admin is the user name assigned to the (primary) Guardium administrator. By default, the administrator does not have authority to manage user accounts or security roles. The admin user has a more extensive set of privileges, described in the Guardium Administration Guide Overview.
Notes
When an appliance is upgraded from 6.1 to 7.0 using the upgrade patch, the accessmgr role will be assigned to the admin user, and the accessmgr user will be disabled. To configure the accessmgr and admin users as on a new 7.0 appliance, first log in as admin and enable the accessmgr user, then log in as accessmgr (the initial password is “accessmgr” - you will be prompted to change it), and remove the accessmgr role from the admin user.
In smaller installations, where one individual performs all of the administrative and access management functions, you can log in first as the accessmgr user, and grant the accessmgr role to the admin user. Then when you log in as admin, you will have both admin and accessmgr privileges.
The access manager performs the following tasks:
Create a default layout for a role based on an existing user layout: see Generate New Layout in the CLI Reference.