Grant admin access with some exceptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-26-2024 10:27 PM
We have a requirement to have a custom role which should have all the access as admin role but with some exceptions. They should not access anything related to security incidents (entire SIR module). There is an enforce restriction option in security incident, but we would like to have a role to assigned a user so that he can access everything except SIR. We tried with ACLs but couldn't succeed. Any suggestions would be great a help.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-26-2024 10:52 PM
What did you try with ACL's? Why didn't it succeed? What did the security debug say, because it sounds like the perfect way to block it.
Maybe you should go the other way around: create a separate role that does grant access to the SIR module, without admin override, blocking out all admins.
Or if it is just the records, use a Query BR.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-26-2024 11:00 PM
Hi Mark
Thanks for the reply, first we have created a custom role that inherits the admin role so that he will have all access, then created a ACL to return false for this custom role on security incident table. The problem is there are OOTB ACLs that are returning true because this custom role also inherits the roles that are required to access security incident table. But we cannot remove these roles as they got inherited from admin role. Please suggest a better approach.
