Restrict management of an application and access to that application to prevent
unauthorized users from assigning administrative rights to the application or accessing
sensitive information in the application records.
始める前に
- Records required:
- Role record to designate a role as the application-specific admin
role
- User record to assign an application-specific admin role to a user
- Application record to enable application administration for a specific
application
- Role required: admin
If an application-specific admin role does not already exist, create it before
beginning this procedure. For example, you can create a role named
my_application.admin that includes the name of the restricted application with the
suffix "admin" to indicate that it is the admin role for the application.
手順
-
Navigate to or .
-
Open the role record for the application-specific admin role.
-
Configure the form to add the Application Administrator
field.
注: The Application Administrator check box replaces
the Assignable by field. By default, when you upgrade
from a Jakarta or
earlier release to a Kingston or later
release, any role that was in the Assignable by field
is defined as the application-specific admin role, and the
Application Administrator check box is
selected.
-
In the role record, select the Application Administrator
check box, and then click Update.
-
Navigate to .
-
Open the user record for the admin user.
-
On the Roles tab, add the application-specific role.
Only users with the application-specific admin role can enable application
administration for an application.
注: Assign the application-specific admin role to more than one user. Then, if a user with
the application-specific admin role leaves the company, you are not prevented from
performing changes to the application.
-
Click Update.
-
Log out and then log in with the application-specific admin role.
-
Navigate to .
-
Select the application for which you want to enable application
administration.
-
In the application record, select Application
administration.
-
Click Update.
The system validates that the following requirements have been met:
- The application has an application-specific admin role (there is at
least one role with Application Administrator
selected).
- The current user has the application-specific admin role.
If the validation passes, the system updates the application record.
Otherwise, the system displays this error message and does not update the
application
record:
Application Administration uses the 'Application Administrator' role to define what users are application administrators. None of the roles defined by this application have 'Application Administrator' enabled.
- オプション:
From the Related Links, you can select one of the following options:
| Related Link |
Description |
| Manage Developers |
Modal that enables the application-specific admin to
manage these tasks:
- Designate developers for the application.
- Make themselves a delegated developer. After the
application-specific admin becomes a delegated
developer, the application-specific admin can
perform a subset of administration tasks without
having the system-level admin role.
Learn more: Delegated development and deployment |
| Grant application administration to all admins |
Modal that creates a Contained Role
[sys_user_role_contains] record for the system-level admin
role. This adds the application-specific admin role as a
contained role of the system-level admin role.注: When you publish the application with this record,
users with the application-specific admin role can
access the application after installing it. |