Groups and Their Privileges400 Netscape Certificate Management System Installation and Setup Guide • October 2001Groups for AgentsDepending on the subsystems you chose to install, Certificate Management Systemautomatically creates a combination of the following groups for a CMS instance:• Certificate Manager Agents group, if you have installed the CertificateManager• Registration Manager Agents group, if you have installed the RegistrationManager• Data Recovery Manager Agents group, if you have installed the DataRecovery Manager• Online Certificate Status Manager Agents group, if you have installedthe Online Certificate Status ManagerGroup for Certificate Manager AgentsWhen the Certificate Manager is installed, a group called Certificate ManagerAgents is automatically created in its internal database. After installation, thisgroup has a single user entry—when you get the first agent certificate from theCertificate Manager (see “Stage 3. Enrolling for Administrator/Agent Certificate”on page 275), the server automatically adds the initial administrator as the agentand stores a copy of the agent certificate against that user entry. The user ID for thisagent user is the same as the certificate administrator ID, as specified duringinstallation.The Certificate Manager Agents group has access rights to agent-specificresources of the Certificate Manager; that is, privileged users you add to this groupautomatically inherit access rights to the agent port of the Certificate Manager. Forinformation on ports, see “CMS Ports” on page 371.After installation, you should add to this group the privileged users to whom youwant to assign Certificate Manager agent privileges. All agents who belong to theCertificate Manager Agents group can access the Certificate Manager AgentServices interface; see “Certificate Manager Agent Services” on page 68.For an agent to be able to carry on SSL client-authenticated communication with aCertificate Manager, you need to do additional configurations. See “Setting UpAgents” on page 406.Group for Registration Manager AgentsWhen the Registration Manager is installed, a group called RegistrationManager Agents is automatically created in its internal database. By default, thisgroup has no entries.