There is an existing two factor auth scheme on a realm.

In case of emergency, one would like to switch back to basic or fcc form auth scheme.

The admin who conducts this change prefers not to be a SiteMinder super user.

Release : 12.8

Component :

• Create a non super user account which has login access to admin UI.
• Assign this user account "Domain Administration" and "Policy Administration", under Modify Administrator-->Rights.
• Create a new workspace, while searching object type as "Domain", so only specific domains are chosen for this workspace.
• Under administrators again, assign the newly created workspace to this non super user account.
• Submit the change and logout.
• Now login with non super user account, the user should only see allowed domains and be able to modify the realm/auth scheme settings.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/administrators/create-a-scoped-administrator.html