Coming from the arena that the system administrator ID should never be used, but clone the ability to assigned administrators.
How would one clone an exact duplicate of the Clarity System Admin ID? It should have all functionality as the system Admin ID? I have added all permissions that I can see to my normal ID, but there is still functionality of the Admin ID that my ID does not have.
Any assistance greatly appreciated.
The way I see a user could be cloned is to XOG it out, change name, ID, resource name, email etc. what ever needs and write it back.
Normally on a test system I put all the Global rights into one group and make me a member of that. I do not recall anything that that method does not cover except for two things. The collaboration is not in standard rights administration.
There is no supported way of adding colloboration managerships other than an existing manager does that.
I do recall in an earlier version there was some item which you only got as a member of the administrator group, but cannot recall any more what that was.
The above is pretty much the standard way to go about it.
Thank you urmas. It is very helpful.
However, the one aspect I don't understand is the Collaboration management right. You state
"There is no supported way of adding collaboration managerships other than an existing manager does that",
however the System Admin ID does have the ability to manage the collaboration.
Is there a special flag on the ID or in the system code that allows this for that ID?
When a project is created, the PM is automatically set as the Collaboration Manager. In CA PPM, just because you are an administrator, does not mean that you can change everything. For instance, someone with all the access rights to everything, still cannot edit someone else's Action Item. Same holds true for the collaboration manager. Just how CA PPM is.
^ just to be clear, re:Collaboration Manager, its not the PM, it is the project creator (who incidentally may be (or may not be) the PM)
I know. I should have been more clear. pretty much everywhere I have been, the Project Creator ends up being the PM. We actually went so far as to create a custom script that if/when the PM changes, the new PM automatically becomes the collaboration manager and the old PM is removed.
If I understand you correctly, you have done the below:
* Given all rights that you can find to your ID
And the problem is that even after doing that, you don't have all the functionalities of the Admin ID.
Could you please provide this additional information so that we better understand your need:
* What specifically are the functionalities that is available on the Admin ID, that is not available on yours?
* Have you added all the Global rights (as mentioned by Urmas above) to your ID?
Yes I have added all the global groups. See my statement to urmas above. The collaboration management is one of the functions I have encountered that I cannot affect with my ID, but the System ID can.
Note that the application 'admin' user does not have "all the rights" ; what they do have is the rights to administrate the application which they get through membership of the "Application Administrator" and "System Administrator" access groups.
When creating a copy of the 'admin' user (which is a good idea) ; you should just add your new user to the same access-groups that 'admin' belongs to and not try to manage specific access rights.
(so I'm disagreeing with the XOG technique here ; that technique is fine to 'clone' a 'system user' , but admin is a special case)
Thank You David.
If you read my reply to urmas above, do you have any insight?
Ron.Lister wrote: If you read my reply to urmas above, do you have any insight?
Just to repeat what I and the others are saying ; "admin" does not equal "access to all data and/or functionality"
(and in the specific collaboration manager case, only the user who created the investment will be the (initial) CM, this is not something the application controls via 'access rights' - the application is a bit rubbish here really)
That is cloning not considering if that is advisable or not as there is no copy user or copy resource functionality in the GUI.
Getting the global rights form one group only is likely to give any right just once, but as said if there are rights that do not display, but are given through a membership they are not given separately.
The user who creates a project becomes the collaboration manager. That is the initial collaboration manager,
That collaboration manager can make other users participants and the participants further to collaboration managers.
That is the only supported way to make somebody a collaboration manager. For unsupported ways you can search this community.
A problem arises when there is only one collaboration manager and he or she leaves the company and the account gets deactivated. To make another you have to reactivate the account and login. If you are on LDAP that becomes more challenging.
If there is a collaboration manager, then there is no problem with the participants. The collaboration manager can manage them as needed. There is also a setting to make team members automatically participants.
EDIT: That is collaboration for individual projects.
EDIT 2: Admin has the rights to administer the system, not to use all functionality of the product. However, those rights include administering rights, so the admin can add more rights to get the ability to use the functionality.
One of the advantages of not using admin but other individual ID's with corresponding rights is that it makes easier to track who did it.
Thank you to all the respondents. You have given me enough information and insight to my issue and I greatly appreciate it.