Restrict management of an application and access to that application to prevent
unauthorized users from assigning administrative rights to the application or accessing
sensitive information in the application records.
Avant de commencer
- Records required:
- Role record to designate a role as the application-specific admin
role
- User record to assign an application-specific admin role to a user
- Application record to enable application administration for a specific
application
- Role required: admin
If an application-specific admin role does not already exist, create it before
beginning this procedure. For example, you can create a role named
my_application.admin that includes the name of the restricted application with the
suffix "admin" to indicate that it is the admin role for the application.
Procédure
-
Navigate to or .
-
Open the role record for the application-specific admin role.
-
Configure the form to add the Application Administrator
field.
Remarque : The Application Administrator check box replaces
the Assignable by field. By default, when you upgrade
from a Jakarta or
earlier release to a Kingston or later
release, any role that was in the Assignable by field
is defined as the application-specific admin role, and the
Application Administrator check box is
selected.
-
In the role record, select the Application Administrator
check box, and then click Update.
-
Navigate to .
-
Open the user record for the admin user.
-
On the Roles tab, add the application-specific role.
Only users with the application-specific admin role can enable application
administration for an application.
Remarque : Assign the application-specific admin role to more than one user. Then, if a user with
the application-specific admin role leaves the company, you are not prevented from
performing changes to the application.
-
Click Update.
-
Log out and then log in with the application-specific admin role.
-
Navigate to .
-
Select the application for which you want to enable application
administration.
-
In the application record, select Application
administration.
-
Click Update.
The system validates that the following requirements have been met:
- The application has an application-specific admin role (there is at
least one role with Application Administrator
selected).
- The current user has the application-specific admin role.
If the validation passes, the system updates the application record.
Otherwise, the system displays this error message and does not update the
application
record:
Application Administration uses the 'Application Administrator' role to define what users are application administrators. None of the roles defined by this application have 'Application Administrator' enabled.
- Facultatif :
From the Related Links, you can select one of the following options:
| Related Link |
Description |
| Manage Developers |
Modal that enables the application-specific admin to
manage these tasks:
- Designate developers for the application.
- Make themselves a delegated developer. After the
application-specific admin becomes a delegated
developer, the application-specific admin can
perform a subset of administration tasks without
having the system-level admin role.
Learn more: Delegated development and deployment |
| Grant application administration to all admins |
Modal that creates a Contained Role
[sys_user_role_contains] record for the system-level admin
role. This adds the application-specific admin role as a
contained role of the system-level admin role.Remarque : When you publish the application with this record,
users with the application-specific admin role can
access the application after installing it. |