Privileged-User Types and Responsibilities372 Netscape Certificate Management System Installation and Setup Guide • May 2002Privileged-User Types and ResponsibilitiesAfter you install Certificate Management System, your first task is to set upprivileged users. There are three types of privileged users: administrators, agents,and trusted managers.• Administrators are users (people) who manage server-specific tasks for the CMSmaangers, the Certificate Manager, Registration Manager, Data RecoveryManager, and Online Certificate Status Manager. For details, see“Administrators” on page 372.• Agents are users (people) who manage the request queues for the CMSmanagers. For details, see “Agents” on page 373.• Trusted managers are CMS subsystems that are connected to other subsystemsand that are trusted to perform certain activities for them. For example, youmight set up a Registration Manager to screen end-entity certificate requestsfor a Certificate Manager. Because the Certificate Manager trusts theRegistration Manager, it approves all certificate requests received from thisRegistration Manager. For details, see “Trusted Managers” on page 380.The role of a privileged user—whether administrator, agent, or trustedmanager—is determined by the group to which the user belongs. This is explainedin “Groups and Their Privileges” on page 384.AdministratorsAdministrators are users who have been assigned CMS administrationprivileges—permission to access the CMS window and perform all the systemadministration tasks defined there. You assign these privileges to users by addingthem to the internal database and assigning membership in a group calledAdministrators that Certificate Management System creates during installation.For each CMS instance, the server must have at least one administrator. You canalso have more than one individual administering the server.During installation, Certificate Management System prompts you to provideinformation for creating the first user entry in the Administrators group.Following installation, therefore, this group has a single user entry. For moreinformation about this group, see “Group for Administrators” on page 384.Certificate Management System authenticates users with administrator-levelprivileges based on its built-in authentication mechanism. This is explained in“Authentication of Administrators” on page 490.