application security versus adminstrative security
talking to darran: it seems the secuirty subsystem is only used for application level security and clearly separated from the adminstrative secuirty. Can sombody confirm this?