Customer asked how to create users with the same privileges as out of the box etaadmin and dsaadmin users.
This may be needed because of auditing requirements.

Release : 14.X

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

'dsaadmin' user (cn=dsaadmin,ou=im,ou=ca,o=com) is defined as a super-user using CA Directory access controls.
Please see this document for details: CA Directory Access Controls
It is possible to have more than one super-user in one DSA (for instance by adding access control group), but this is not recommended because super-user is granted full level of access to the whole DIT served by the DSA.
Much better way is to configure an admin-user instead of a new super-user.
Using 'dsa' OS user you need to edit access control config file /opt/CA/Directory/dxserver/config/access/vapp-default.dxc
The above file contains settings for imadmin user to be an admin-user, just need to uncomment 'set admin-user' command in the file.
admin-user can be granted access to required sub-tree instead of a full tree, and also restricted set of permissions can be granted.
All above information is applicable to Virtual Appliance (vApp)

'etaadmin' user is a provisioning administrator.
The easiest way to create a new provisioning administrator is to duplicate etaadmin user using Provisioning Manager application.
To do that:

• Login into IM Provisioning Manager as 'etaadmin' user
• Navigate Users->Search
• Select 'etaadmin' user and choose 'duplicate' from context menu (i.e. right-click menu)
• Provide username and password for the new administrator