掲示板

  1. ホーム
  2. Portal
  3. Define Limited Permission to Enterprise Admin

Define Limited Permission to Enterprise Admin

thumbnail
14年前 に John Z Mennone によって更新されました。

Define Limited Permission to Enterprise Admin

New Member 投稿: 19 参加年月日: 09/07/11 最新の投稿
I am trying to give permission to a set of users (Help Desk) who need access to User Accounts - edit, reset password, etc. So, I went ahead and created a new Role and named it "Help Desk Admin". I then Defined the Permissions for the role and went to > Add Portlet Permissions > Enterprise Admin. The following is what I configured for the scope:

*Enterprise Admin
View - (selected Enterprise)

*User
Impersonate - (selected Enterprise)
Update - (selected Enterprise)
View - (selected Enterprise)

Nothing else was modified. After that I clicked save, etc.

When I assign the new Help Desk Admin role to a test user who is currently a basic User, they indeed can see the Enterprise Admin portlet and manage users in the manner I would like. BUT - they can also see and modify the settings in the other tabs of the portlet! i.e., the can access and modify the stuff in Organizations, User Groups, Roles, Password Policies, Settings, Monitoring, Plugins. Way too much power for this user set.

What am I doing wrong?

Thanks in advance to anyone who can shed some light on this. It's driving me a little BATTY! ;)
thumbnail
14年前 に Eric Min によって更新されました。

RE: Define Limited Permission to Enterprise Admin

Junior Member 投稿: 43 参加年月日: 09/07/02 最新の投稿
Hi,
I want to know whether you have modified the Default User Associations. You can do like this:
1.go to your control panel(sign in with test,test)
2.under portal part click the setting link then you can see Roles
3.delete the Power User and click save button
4.back to Guest to have a test
thumbnail
14年前 に Johnny Z . によって更新されました。

RE: Define Limited Permission to Enterprise Admin

New Member 投稿: 19 参加年月日: 09/07/11 最新の投稿
I am not sure I understand how deleting the Power User will have any effect on what I am trying to do. Can you explain this to me?
14年前 に Rodrigo Martinez によって更新されました。

RE: Define Limited Permission to Enterprise Admin

New Member 投稿: 6 参加年月日: 08/11/12 最新の投稿
My guess would be that the users that are assigned the "Help Desk Admin" role (make sure its Community role), also have other roles that enable them to see/modify the other tabs of the Enterprise admin portlet.

I also saw that you configured the Enterprise Admin Portlet in two levels:

Johnny Z .:

*Enterprise Admin
View - (selected Enterprise)

*User
Impersonate - (selected Enterprise)
Update - (selected Enterprise)
View - (selected Enterprise)



I'm assumming the *User configuration is related to the User tab within the Enterprise Admin portlet. Maybe it is a matter of also configuring the rest of the Ent Admin portlet tabs so they are not available to the "Help Desk Admin" role.

Hope this helps.
thumbnail
14年前 に Johnny Z . によって更新されました。

RE: Define Limited Permission to Enterprise Admin

New Member 投稿: 19 参加年月日: 09/07/11 最新の投稿
It turns out that I had it set up correctly. Even though the role will not have the ability to edit/change settings in the other tabs, they can still see them, access them, even get to the point of changing a setting. BUT, when the user attempts to save a change they made they receive a message indicating they do not have the correct permission.

IMHO - This begs for a change/enhancement. If a role does not have any privileges to the other tabs in Enterprise Admin, they should not see or have access to those tabs. Just my $0.02.