We are running Novell IDM 4.0.1 on SLES 11 SP1. I have plans to create
an admin group. On adding a user to this group, he should get complete
access to all the objects in edirectory (This is in production).

However, I would like this group to have the following restrictions.
1. I don't want him to modify/delete the super admin (IDMadmin and the
USerApp admin).
2. I don't want him to delete the drivers in production.

The question arises as to how to grant these rights. Please help me
with this and suggest me on the method to be followed to grant these

Also do suggest me If i can impart some additional restrictions.

Thanks in advance.

GopinathRao's Profile: http://forums.novell.com/member.php?userid=62050
View this thread: http://forums.novell.com/showthread.php?t=444804