OVERVIEW
--------

The check_policy tool scans the policy database on the current server for
particular combinations of ACL settings. In particular, with respect to
delegated administration, it scans the database for all ACLs which have both
the Add and Delete, Add and Modify, or Add and Password bits set for a
particular user. These combinations of ACL settings allow a delegated
administrator to add ANY user to their administered group and then perform
possibly destructive operations on these users.

This tool does NOT attempt to fix these policy security vulnerabilities;
it simply notifies the user of possible problems with the security policy.

USAGE
-----

check_policy -a [admin user] -p [admin password] {-v}

where:
    admin user     = the PD user to run the tool as
    admin password = the password for the PD user
    -v             = adds more verbose output

Ideally the tool should be run as a user who has view permission on all ACLs.
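
The combination check described in the overview, written out in Python as an added example; it is not the check_policy tool's own code. The one-entry-per-line input format, the permission names, and the sample ACL and user names are constructed for illustration and are not the policy database's real format.

```python
from dataclasses import dataclass

# Permissions the overview pairs with Add; names are assumed labels,
# not the policy database's own encoding of the bits.
RISKY_WITH_ADD = ("delete", "modify", "password")

@dataclass(frozen=True)
class AclEntry:
    acl: str          # ACL name
    user: str         # user this entry applies to
    bits: frozenset   # permission names set for that user

def parse_entry(line):
    """Parse 'acl user bit,bit,...' (constructed format)."""
    parts = line.split()
    if len(parts) != 3:
        raise ValueError(f"malformed ACL entry: {line!r}")
    acl, user, bits = parts
    names = frozenset(b.lower() for b in bits.split(",") if b)
    return AclEntry(acl, user, names)

def risky_pairs(entry):
    """Return the Add+X combinations present in a single user's entry."""
    if "add" not in entry.bits:
        return []
    return [f"add+{b}" for b in RISKY_WITH_ADD if b in entry.bits]

def scan(text):
    """Report (acl, user, combination) per finding; never modifies anything."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        entry = parse_entry(line)
        findings.extend((entry.acl, entry.user, p) for p in risky_pairs(entry))
    return findings

# Constructed sample entries (hypothetical ACL and user names).
SAMPLE = """\
sales-admin-acl  alice  view,add,delete
sales-admin-acl  bob    view,modify,delete   # no Add: not reported
hr-admin-acl     carol  add,view             # Add alone: not reported
hr-admin-acl     dave   Add,Password,Modify
split-acl        erin   add
split-acl        frank  delete               # other user's bit: not reported
"""

if __name__ == "__main__":
    for acl, user, combo in scan(SAMPLE):
        print(f"WARNING: {acl}: user {user} has {combo}")
```

The split-acl entries show why the check is per user: Add for one user and Delete for another in the same ACL is not the combination the tool reports.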