I have a CA ID M 12.6.8 Environment an we are working on implementing the password reset feature, normally users will reset their own passwords, but there are some scenarios where helpdesk users have to reset the password for the end users.
in our environment we have a System manager account called "superadmin" we would like to prevent help desk users from resetting the password for this user.
Is there a way to prevent this, restrict the access to this account, if they cannot even search for it its even better.
If you are using Microsoft Active Directory, just add the help desk user group with Deny Password Reset under permission of superadmin
You could create a PX Policy of type=UI that runs on Submission of the task you mentioned. The PX Policy could get the %USER_ID% as a Data Element and then for an action condition check to see if the value is for the user you want to prohibit. The action to take could be to display a message to the screen that says password changes for that user are not allowed. This will prevent the task from being submitted to change that user's password.
You can explicitly remove the superadmin user from the scope of the help desk user.
You can also set a password policy for just the superadmin user that will make changing the password difficult.