The CA SSO (Single Sign-On) Administrator Permissions are represented in the Policy Store as an integer value, calculated from a bit map. This can be seen in XPSExplorer, a Policy Store export file generated from 'xpsexport', as well as looking directly at the Administrator object in either an LDAP or ODBC Policy Store.
[XPSExplorer]
=========================================================================
------------------------- Object Meta Data ------------------------
XID: CA.SM::[email protected]
------------------- Attributes from CA.SM::Admin ------------------
Name = "siteminder2"
Password = <***>
Rights = 63(0x3f): ManageAllDomains,ManageObjects,ManageUsers,ManageSecurity,CacheManager,RegisterTrustedHosts
=========================================================================
[XPSExport]
=========================================================================
<Object Class="CA.SM::Admin" Xid="CA.SM::[email protected]" CreatedDateTime="2015-04-14T14:16:13" ModifiedDateTime="2015-04-14T14:16:13" UpdatedBy="siteminder" UpdateMethod="GUI" ExportType="Replace">
<Property Name="CA.SM::Admin.DirectoryAuth">
<BooleanValue>false</BooleanValue>
</Property>
<Property Name="CA.SM::Admin.Rights">
<NumberValue>63</NumberValue>
</Property>
<Property Name="CA.SM::Admin.Password" Sensitive="Yes">
<StringValue>Firewall1</StringValue>
</Property>
<Property Name="CA.SM::Admin.Name">
<StringValue>siteminder2</StringValue>
</Property>
</Object><!-- Xid="CA.SM::[email protected]" -->
=========================================================================
[ODBC Policy Store]
adminoid | adminname | admindesc | password | userdirectoryoid | rootprivs | schemeoid | dirauth | rights |
12-51b66ac5-7ee0-4656-9a6e-f90686b9e404 | siteminder2 | {RC2}5fUq2teI4gbpxpQ1OzDtOJHX0NP3KJbM | 00- | 0 | 00- | 0 | 63 |
SMRights
Right | Hex | Decimal |
ManageAllDomains | 0x01 | 1 |
ManageObjects | 0x02 | 2 |
ManageUSers | 0x04 | 4 |
AdminRightsManageKeys | 0x08 | 8 |
Admin RightsManagePasswordPolicy | 0x08 | 8 |
AdminsRightsManageReports | 0x10 | 16 |
ManageSecurity | 0x20 | 32 |
The SMRights are calculated using the bitmap. SMRights = 63 = (32 + 16 + 8 + 4 + 2 +1). The SMRights is the sum of all rights from the SMRights table. All rights is a 'SuperUSer'. It is easiest to take the Administrators right, and then subtract the next lowest number. The Administrator has that right. Then take the difference and subtract from the next lowest value on the SMRights chart again. The final result will always be zero (0).
Example:
SMRights = 63 = (32 + 16 + 8 + 4 + 2 +1).
(63 -32)= 31
(31-16) = 15
(15- 8) = 7
(7 - 4) = 3
(3-2)= 1
(1-1)=0