
repository access control

Former Member
0 Kudos

Hello,

I'm in the process of creating user administration roles for positions like 'help desk'.

These roles need to have the following limitations:

- can only assign roles/privileges for specific user groups, and not others. (attribute MX_ADMIN_UNIT)

- cannot assign roles in Dev/Test repositories, only production.

I understand using access control on tasks to create a filter specifying which user groups a user can complete assignments 'on behalf of'.

However, I haven't found a similar way to limit the repositories this help desk role can assign roles to.

Has anyone dealt with this type of requirement?

Cheers, Paul

Accepted Solutions (1)

terovirta
Active Contributor
0 Kudos

To limit which users the help desk can maintain, you can set the UI task access controls.

Former Member
0 Kudos

Thanks Tero,

I had actually thought of using the filter to restrict which user group the 'help desk' role could make assignments to.

However, I've checked some of the help documentation around roles and see that I can limit which users can even see roles. This is helpful for a number of reasons, especially in my case where I can limit the visibility the 'help desk' roles have to even see the Dev/Test roles and privileges.

Hope this helps others.

Thanks again Tero.

Paul

Answers (1)

terovirta
Active Contributor
0 Kudos

Do your business roles contain privileges for dev, test and production in the same IdM instance?

I cannot think of anything other than context-based assignments to solve it.

(If you have business roles for dev that have dev privileges, and the same for other tiers in the landscape, then you can limit what privileges can be added to business roles with the attribute value filters (SQL) in the role creation/modification UIs.)