Overview

In many enterprises, people at different organizational levels manage various types of security information. Enterprise Security supports managing different levels of security data using a technique called “delegated administration.” Delegated administration enables system administrators to define multiple domains within an enterprise, each with its own security policy.

Administrators of each security domain can configure a set of properties (for example, to enable auditing or password validation) independently of other domains. Domain-specific properties are stored in the ACDB. You can modify these property values using either Enterprise Security Manager or the SecurityDomainManagement interface. Other security properties can be configured for your entire security system, rather than for a specific domain; these global properties are stored in the security.properties file.

Default values for all security properties are set automatically during installation; these default values are defined in Chapter 15, “Configuration Properties.” Global properties are read by the security system when a session is initiated for the first time. Domain-specific properties are read as they are needed. All the security configuration information is cached in the Configuration bean and used at runtime by all the security modules. Domain properties are refreshed based on a time interval, which you can configure either in Enterprise Security Manager or programmatically, by using the SMAPI to set the propertyRefreshTimeInterval property. If you reconfigure global properties, you must restart the application server for the changes to take effect.
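The following added example is a small model of the caching rules described above, showing how long a changed domain property can stay stale and why a global change needs a restart; it is not Enterprise Security or SMAPI code. The class, the property names, the per-domain snapshot and the interval unit (seconds) are assumptions made for illustration.

```python
class ConfigCacheModel:
    """Hypothetical model of the Configuration bean's caching; not product code."""

    def __init__(self, global_store, domain_store, refresh_interval, clock):
        self._global_store = global_store  # stands in for security.properties
        self._domain_store = domain_store  # stands in for the ACDB
        self._interval = refresh_interval  # propertyRefreshTimeInterval (unit assumed: seconds)
        self._clock = clock                # injectable time source
        self._globals = None               # filled once, at the first session
        self._domains = {}                 # domain -> (loaded_at, snapshot)

    def global_property(self, name):
        # Read once (first session) and never re-read until a restart.
        if self._globals is None:
            self._globals = dict(self._global_store)
        return self._globals[name]

    def domain_property(self, domain, name):
        # Read on demand; re-read from the store once the interval has elapsed.
        now = self._clock()
        entry = self._domains.get(domain)
        if entry is None or now - entry[0] >= self._interval:
            entry = (now, dict(self._domain_store[domain]))
            self._domains[domain] = entry
        return entry[1][name]

    def restart(self):
        # Models an application server restart: every cached value is dropped.
        self._globals = None
        self._domains.clear()


def demo():
    now = [0]
    # Constructed sample data; the property names are illustrative, not product keys.
    global_store = {"exampleGlobalSetting": "old"}
    domain_store = {"hr": {"exampleAuditing": "off"}}
    cache = ConfigCacheModel(global_store, domain_store, 300, lambda: now[0])
    seen = [cache.global_property("exampleGlobalSetting"),
            cache.domain_property("hr", "exampleAuditing")]  # both cached at t=0
    domain_store["hr"]["exampleAuditing"] = "on"   # domain admin enables auditing
    global_store["exampleGlobalSetting"] = "new"   # global file edited
    for t in (299, 300):                           # just before / at the interval
        now[0] = t
        seen.append(cache.domain_property("hr", "exampleAuditing"))
    seen.append(cache.global_property("exampleGlobalSetting"))  # still the old value
    cache.restart()
    seen.append(cache.global_property("exampleGlobalSetting"))  # picked up after restart
    return seen
```

In this model, a tightened domain policy can remain unenforced for up to one full refresh interval after it is saved, so the interval bounds how quickly a change such as enabling auditing takes effect.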

To view the SMAPI documentation, open a browser, and access docs/html/index.html in your Enterprise Security installation; then, select the com.sybase.ep.security.management package.