Other users can also manage tenants if they are not created as users in operational tenants, because management is always carried out in the name of the user superuser using impersonation. The following requirements have to be met:
The users must be created in the infrastructure tenant.
The users have the required function privileges in the infrastructure tenant.
.
The user account for the user superuser is used to automatically perform tenant management for each tenant. For this purpose, the user superuser requires appropriate function privileges in the infrastructure tenant and in all operational tenants, and must have been defined as a target for impersonation.
For tenant management, the user superuser requires the following additional function privileges in the infrastructure tenant:
User administrator
Impersonation
Tenant administrator
Technical configuration administrator
The user has additional function privileges by default, for example, License administrator.
The user superuser does not require any license privileges, but does require certain function privileges. To ensure that each operational tenant, for example, default, is completely backed up, the user superuser needs the following function privileges in each operational tenant:
Analysis administrator
ARCM administrator
Collaboration administrator
Database administrator
Dashboard administrator
Document administrator
License administrator
Portal administrator
Process Governance administrator
Server administrator
Technical configuration administrator
User administrator
If a function privilege is not assigned, for example, Analysis administrator, ad hoc analyses and queries for this tenant are not backed up. The number of function privileges depends on the relevant tenant's licenses. For this reason, not all of the specified function privileges may be displayed for every tenant.
Settings in the user configuration
The user superuser must be defined as a target for impersonation in every operational tenant, for example, default. Thus, all users that have the Impersonation function privilege in the infrastructure tenant inherit its privileges and can manage tenants.