Hi Guys,
How we can create a BPM which will allow a user to change the access of other user even if they don’t have security manager access. Can anyone suggest something on this.
No, that’s like giving your keys to your neighbor and telling them not to come in. Security Manager has Top Clearance and that’s that.
If they have the ability to change permissions, what’s stopping them from changing their own…
What’s the business case for this? What command? What reason? What are you really trying to do?
Of course, @josecgomez is correct but maybe there’s another way to accomplish this than reducing security.
Mark W.
I imagine you could write a process that would use a named security manager, to make the changes. obviously not through the user security screen. I guess it depends what you want to change?
I want that a user who don’t have the security manager access will be able to access/change all the group access and other stuff in the user account security maintenance screen. The user should be able to do any changes to access without giving him the security manager access which are possible with the security manager access.
How many users do you want to give this ability to, just one or everyone?
could you just copy the menu item and add a different security to the copied menu item?
That’s WHAT you want to do. You haven’t given the business reason WHY you want to do it. Why do people need dynamic security? What can’t they do today that they’ll need to do later? Specific commands. Are we just trying to build a security grid on the fly because we don’t know? Are there many temporary employees who move from role to role?
Mark W.
1 Like
Hi Andy,
I want to give this kind of access to only 4 admin users, So that they can change other users access in spite of raising request for access change.
Hi Mark,
The business need is that for now they need to raise request in order to change there access or to revoke access, and they don’t want security manager access. Allow users who are not security managers to amend other user accounts in the “User Account Security Maintenance” menu. The logic should instead prevent users from modifying their own accounts.
I still don’t understand why there would be so many changes required.
Hmmm. Wait a minute, I think I know why. You’re adding commands to USERS and not Security Groups. That IS a lot more maintenance.
Since we need to be SOX compliance, we set up a security group for each role in our company. We then make sure that certain groups do not have conflicting commands in them. Finally, we just assign the user to the role. If someone is covering for another person, we just add that role to the user and then remove it when it is not needed. It’s a far easier method to manage security.
Mark W.
1 Like
Yes mark that’s correct, we are also working in the same manner. But for now user don’t want to raise request for giving access or disabling accounts of amother users. They want this enhancement to be developed so that they can change the group access of other users without having security manager access.we need this kind of functionality for only four user. Those 4 users can change the access of other user but they are not allowed to change there own access. Can you please suggest on this…
I cant see why this not doable, with the correct coding skills