Authorization of OneSpan Authentication Server administrative operations

All administrative operations in OneSpan Authentication Server are linked to administrative privileges that need to be assigned to the administrator wanting to execute an operation. The operation which the administrator is performing must be in the boundaries of their domain scope.

For a full list of administrative privileges, refer to the OneSpan Authentication Server Administrator Reference, Section "Administrative privileges for ODBC data stores".

There is an exception to the rule that each administrator can only assign administrative privileges to another administrator, if they themselves have these privileges assigned to them.

This rule can be bypassed, if the administration scenario setting Restrict Administration Privileges Assignment has been disabled. This setting can be set via the Configuration Utility. When this setting is disabled, administrators can assign privileges that they do not own.

This could be used in the following scenarios:

• One administrator creates the user account and assigns an authenticator. This administrator has the administrator privileges assigned to perform these two administrative operations.
• One administrator assigns administrative privileges. This administrator can assign all administrative privileges, although they have only been assigned the privilege to set administrative privileges.