on 01-16-2009 6:09 PM
Hello,
I create a new Role with the following authorization. The goal is to allow users assigned with this role access to change a user password in the User table.
Functions
Modify Records = Execute
all other = None
Tables and Fields
Users = Read/Write
all others = Read-Only
When I try yo change a user password using this role, I get an Insufficient right for operation message.
Please advise what other security is requierd.
thanks
Tammi
Tammi
as christian said u need to make schema modify to execute, and make sure you have pretty much all the other functions set to NONE and in tables /fields set Users to Read Write and you should be safe and all set.
setting schema modify to execute without giving any other function is safe. You can try it out too.
-Sudhir
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I want a role to be assigned to a user who can only reset the password of other users in SAP BO 4.2. Can anyone help me with this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tammi,
As far as I understood your Query.You wish that only certain users may have rights to change/Retrieve the password .
In that case your settings are correct but some more are needed to make it foolproof.
- Firstly you do not need to make the modify records function as Execute to work on the repository table records.So even if the Modify records functions is None it will still provide restricted access to the user on the user table If you have set the Tables and Field property for the user table as Read Only.
- Secondly just making the user table as Read only is not enough you also need to make the Roles table as Read only.
- If the user has rights to the roles table then he can very well create a new Role with Admin rights and assign the old user to this role.By doing this the User will ow have all the Admin role rights which can allow him to change any users password.
So you need to restrict access to both the Users and Roles table for all the uses who you do not wish to allow to fiddle with the Passwords.
Hope It Helped
Thanks & Regards
Simona Pinto
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tammi,
If I have understood your requirement correctly, you want a role to be assigned to user, which can only reset the password of a user.
This can be achieved with the following combinational constrains assigned to that role.
Functions -> Schema -> Modify Schema Object -> Execute (All others set to None)
Tables & Fields -> Users -> Read/Write ( All others set to Read Only)
Hope it helps.
Thanks,
Minaz
Hi Tammi,
after fiddling around a little, I figured out that it is the following setting:
Functions: Schema: Modify schema object: Execute
I tried that on MDM 7.1. However, any MDM >= 5.5 SP06 should have the functionality for users to change passwords in Data Manager.
Hope that helps.
Best regards
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The goal is to allow Admin personnel the access to reset a password when a user has forgotten their password.
I do not want to grant schema rights just to enter a passwod on an exsiting user record. These Admin users will have no other securty than resetting a password on an existing user account.
I cannot find any documention about the'modify schema object' property. Does anyone know exactly what this controls when you grant Read/Write acess?
Edited by: Tammi Helms on Jan 16, 2009 1:36 PM
Hello Tammi Helms,
According to my understanding, you have set Modify Records = Execute under Tab = Functions.
This Function enables all the user's under this Role to Modify all the records in Data Manger Repositories. It does not have any command over Password settings/change.
If any user wants to re-set his password, he can log into Data Manager --> Configuration --> change Password -->
Old Password = xxxxx
New Password = xxxx.
If any user forgets his password, Administartor need to change the Password in the MDM Console for a particular user.
Hope its helps you.
Cheers
Srihari Reddy
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.