
Create Admin Role to allow user to reset passwords in Console

Former Member
0 Kudos

Hello,

I created a new Role with the following authorization. The goal is to allow users assigned to this role to change a user password in the User table.

Functions

Modify Records = Execute

all other = None

Tables and Fields

Users = Read/Write

all others = Read-Only

When I try to change a user password using this role, I get an "Insufficient right for operation" message.

Please advise what other security is required.

thanks

Tammi

Accepted Solutions (1)

Former Member

Tammi

As Christian said, you need to set schema modify to Execute, and make sure you have pretty much all the other functions set to None, and in Tables/Fields set Users to Read/Write, and you should be safe and all set.

Setting schema modify to Execute without giving any other function is safe. You can try it out too.

-Sudhir

Answers (3)

0 Kudos

I want a role to be assigned to a user who can only reset the password of other users in SAP BO 4.2. Can anyone help me with this?

Former Member
0 Kudos

Hi Tammi,

As far as I understood your query, you wish that only certain users may have rights to change/retrieve the password.

In that case your settings are correct but some more are needed to make it foolproof.

- Firstly, you do not need to set the Modify Records function to Execute to work on the repository table records. So even if the Modify Records function is None, it will still provide restricted access to the user on the Users table if you have set the Tables and Fields property for the Users table to Read-Only.

- Secondly, just making the Users table Read-Only is not enough; you also need to make the Roles table Read-Only.

- If the user has rights to the Roles table, then he can very well create a new Role with Admin rights and assign the old user to this role. By doing this, the user will now have all the Admin role rights, which can allow him to change any user's password.

So you need to restrict access to both the Users and Roles tables for all the users who you do not wish to allow to fiddle with the passwords.

Hope It Helped

Thanks & Regards

Simona Pinto

Former Member
0 Kudos

I do not want to restrict access to the Users table. I want this role to allow an Admin user to reset a password when a user has forgotten their password.

All tables are read only except the Users table which is Read/Write.

Former Member
0 Kudos

Hi Tammi,

If I have understood your requirement correctly, you want a role to be assigned to a user, which can only reset the password of a user.

This can be achieved with the following combination of constraints assigned to that role.

Functions -> Schema -> Modify Schema Object -> Execute (All others set to None)

Tables & Fields -> Users -> Read/Write (All others set to Read Only)

Hope it helps.

Thanks,

Minaz

Former Member
0 Kudos

Hi Tammi,

after fiddling around a little, I figured out that it is the following setting:

Functions: Schema: Modify schema object: Execute

I tried that on MDM 7.1. However, any MDM >= 5.5 SP06 should have the functionality for users to change passwords in Data Manager.

Hope that helps.

Best regards

Christian

Former Member
0 Kudos

The goal is to allow Admin personnel the access to reset a password when a user has forgotten their password.

I do not want to grant schema rights just to enter a password on an existing user record. These Admin users will have no other security than resetting a password on an existing user account.

I cannot find any documentation about the 'modify schema object' property. Does anyone know exactly what this controls when you grant Read/Write access?

Edited by: Tammi Helms on Jan 16, 2009 1:36 PM

Former Member
0 Kudos

Hello Tammi Helms,

According to my understanding, you have set Modify Records = Execute under Tab = Functions.

This Function enables all the users under this Role to modify all the records in Data Manager Repositories. It does not have any command over Password settings/change.

If any user wants to reset his password, he can log into Data Manager --> Configuration --> Change Password -->

Old Password = xxxxx

New Password = xxxx.

If any user forgets his password, the Administrator needs to change the password in the MDM Console for that particular user.

Hope it helps you.

Cheers

Srihari Reddy