Vista combinada Visión Plana Vista de árbol
Discusiones [ Anterior | Siguiente ]
toggle
JohnnyBrew .
Define Limited Permission to Enterprise Admin
10 de julio de 2009 20:29
Respuesta

JohnnyBrew .

Ranking: New Member

Mensajes: 19

Fecha de incorporación: 10 de julio de 2009

Mensajes recientes

I am trying to give permission to a set of users (Help Desk) who need access to User Accounts - edit, reset password, etc. So, I went ahead and created a new Role and named it "Help Desk Admin". I then Defined the Permissions for the role and went to > Add Portlet Permissions > Enterprise Admin. The following is what I configured for the scope:

*Enterprise Admin
View - (selected Enterprise)

*User
Impersonate - (selected Enterprise)
Update - (selected Enterprise)
View - (selected Enterprise)

Nothing else was modified. After that I clicked save, etc.

When I assign the new Help Desk Admin role to a test user who is currently a basic User, they indeed can see the Enterprise Admin portlet and manage users in the manner I would like. BUT - they can also see and modify the settings in the other tabs of the portlet! i.e., the can access and modify the stuff in Organizations, User Groups, Roles, Password Policies, Settings, Monitoring, Plugins. Way too much power for this user set.

What am I doing wrong?

Thanks in advance to anyone who can shed some light on this. It's driving me a little BATTY! ;)
Eric Min
RE: Define Limited Permission to Enterprise Admin
11 de julio de 2009 18:24
Respuesta

Eric Min

Ranking: Junior Member

Mensajes: 43

Fecha de incorporación: 1 de julio de 2009

Mensajes recientes

Hi,
I want to know whether you have modified the Default User Associations. You can do like this:
1.go to your control panel(sign in with test,test)
2.under portal part click the setting link then you can see Roles
3.delete the Power User and click save button
4.back to Guest to have a test
JohnnyBrew .
RE: Define Limited Permission to Enterprise Admin
12 de julio de 2009 20:13
Respuesta

JohnnyBrew .

Ranking: New Member

Mensajes: 19

Fecha de incorporación: 10 de julio de 2009

Mensajes recientes

I am not sure I understand how deleting the Power User will have any effect on what I am trying to do. Can you explain this to me?
Rodrigo Martinez
RE: Define Limited Permission to Enterprise Admin
26 de julio de 2009 18:36
Respuesta

Rodrigo Martinez

Ranking: New Member

Mensajes: 6

Fecha de incorporación: 12 de noviembre de 2008

Mensajes recientes

My guess would be that the users that are assigned the "Help Desk Admin" role (make sure its Community role), also have other roles that enable them to see/modify the other tabs of the Enterprise admin portlet.

I also saw that you configured the Enterprise Admin Portlet in two levels:

Johnny Z .:

*Enterprise Admin
View - (selected Enterprise)

*User
Impersonate - (selected Enterprise)
Update - (selected Enterprise)
View - (selected Enterprise)



I'm assumming the *User configuration is related to the User tab within the Enterprise Admin portlet. Maybe it is a matter of also configuring the rest of the Ent Admin portlet tabs so they are not available to the "Help Desk Admin" role.

Hope this helps.
JohnnyBrew .
RE: Define Limited Permission to Enterprise Admin
3 de agosto de 2009 9:50
Respuesta

JohnnyBrew .

Ranking: New Member

Mensajes: 19

Fecha de incorporación: 10 de julio de 2009

Mensajes recientes

It turns out that I had it set up correctly. Even though the role will not have the ability to edit/change settings in the other tabs, they can still see them, access them, even get to the point of changing a setting. BUT, when the user attempts to save a change they made they receive a message indicating they do not have the correct permission.

IMHO - This begs for a change/enhancement. If a role does not have any privileges to the other tabs in Enterprise Admin, they should not see or have access to those tabs. Just my $0.02.