01-24-2024 12:55 AM
Hi Everyone,
I have a requirement where, in the instance, group 1 should be able to access/read the "Service Portfolio Management" table, but another group, group 2, should not be able to access the "Service Portfolio Management" table.
Also, both group 1 and group 2 will have the "admin" role.
Is there any approach to implement this?
My approach:
I created a custom role named "SPM Module Access" and marked "Elevated Privilege" as true.
Also, in the ACL for spm_service_portfolio read record, I have added the custom role, i.e. SPM Module Access.
Also, to the Service Portfolio Management application, I have added the custom role, i.e. SPM Module Access.
Now, I have given group 1 the SPM Module Access role, and the group 1 members got the elevate option as well. But I am facing a challenge where group 2 users are able to give themselves the SPM Module Access role.
With the above approach, I am trying to make it similar to the security admin role, where only a user who has the security admin role is able to extend the security admin role to other users.
Can anyone provide their inputs or a solution to the requirement?
Thank you
01-24-2024 01:14 AM
Will it work if you create a read ACL for your custom role so only users with that custom role can read that role? Or add a create ACL on the sys_user_has_role/sys_group_has_role table so that records can only be created with your custom role if the role is the custom role? Not sure how they did it with the security_admin role.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
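Added example, not part of the original reply and not ServiceNow code: a plain JavaScript model of the create rule suggested above, where a sys_user_has_role row for the protected role may only be created by someone who already holds that role. The record fields (`user`, `role`, `createdBy`), the user names and the sample data are constructed assumptions.

```javascript
// Model (not ServiceNow code) of the rule proposed in the reply: a row in
// sys_user_has_role for a protected role may only be created by a user who
// already holds that role. Field names below are simplified assumptions.
const PROTECTED_ROLES = new Set(["SPM Module Access"]); // role name from the thread

// holders: Map of user -> Set of roles held before the grant is attempted
function canCreateGrant(holders, actor, roleName) {
  const actorRoles = holders.get(actor) || new Set();
  if (!PROTECTED_ROLES.has(roleName)) {
    return actorRoles.has("admin"); // ordinary roles: admin may grant
  }
  // Protected role: admin alone is not enough, the actor must hold the role itself.
  return actorRoles.has(roleName);
}

// Replays grant attempts in order and returns those the rule would reject,
// which is also the list to review if such rows already exist in the instance.
function auditGrants(initialHolders, attempts) {
  const holders = new Map();
  for (const [user, roles] of initialHolders) holders.set(user, new Set(roles));
  const rejected = [];
  for (const a of attempts) {
    if (canCreateGrant(holders, a.createdBy, a.role)) {
      if (!holders.has(a.user)) holders.set(a.user, new Set());
      holders.get(a.user).add(a.role);
    } else {
      rejected.push(a);
    }
  }
  return rejected;
}

// Constructed sample data: g1.* are group 1 users, g2.* are group 2 users.
const initialHolders = [
  ["g1.alice", ["admin", "SPM Module Access"]],
  ["g1.bob", ["admin"]],
  ["g2.carol", ["admin"]],
];
const attempts = [
  { user: "g1.bob", role: "SPM Module Access", createdBy: "g1.alice" },   // allowed
  { user: "g2.carol", role: "SPM Module Access", createdBy: "g2.carol" }, // self-grant
  { user: "g2.carol", role: "SPM Module Access", createdBy: "g1.bob" },   // allowed: bob now holds it
];
const rejectedGrants = auditGrants(initialHolders, attempts);
console.log(rejectedGrants.map((a) => `${a.createdBy} -> ${a.user}`));
```

The third attempt shows the limit of this rule: any current holder can still extend the role, so the set of holders has to be reviewed as well.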
01-24-2024 04:07 AM
Hi @Mark Manders,
Thank you for replying.
I got the solution, where I hid the group and roles table records for the Group 2 users, and now they are not able to add themselves to Group 1.
Thanks again for your suggestion.