Clarity

  • Private Community
 View Only

  • 1.  Rights to allow creating and administrating a user without allowing management of Groups or Rights?

    Posted Dec 21, 2015 03:43 PM

    I have been tasked with re-designing our rights model such that only a couple of individuals in our system have full Administrative Control. The biggest issue is that management does not wish for everyone in our team to have access to adding individuals to groups or adding rights to individuals, but we need those people to be able to create admin-side resources.

     

    The situation is:

    • Only 2-3 people should be able to view specific financial information we are considering adding to resources
    • Currently all of our administrators can add rights and resources to groups, so they can essentially add the rights to view restricted information pages to themselves

     

    Is this even possible? My research so far shows that "Administration - Authorization" grants rights to allow you to add resources to groups. Is there any other solution that we can do?



  • 2.  Re: Rights to allow creating and administrating a user without allowing management of Groups or Rights?
    Best Answer

    Posted Dec 21, 2015 04:10 PM

    In short, "No I don't think so"

     

    I have seen a similar requirement solved by a (rather complex) suite of custom objects and jobs - i.e. users create "new resources" as instances of a custom object and then a job creates the actual resource via XOG. Gets really complex when rights-administraton (of selected rights) is required as well.



  • 3.  Re: Rights to allow creating and administrating a user without allowing management of Groups or Rights?

    Posted Dec 22, 2015 07:52 AM

    I thought that this would be the case but was hoping it wouldn't be. Thank you for the quick response, David.