As per the banks compliance policy no single user should have full access on RA tool. So want to avoid or minimize the usage of superuser. Given this statement we have the below question.
We would like to check if there is any way where “Security and Permission Admin” can access a newly created application without Superuser giving him the read access for the application itself.
Noticed that once we create a new application, superuser still needs to provide at least read access only for “Security and Permission Admin” to enable them to provide access to users. Thus, this is making us still dependent on Superuser id.
RA Version: 5.5.2
Any help is greatly appreciated.
This is possible, you can give individual users the role of "application creator" and this will allow a non superuser the right to create new applications and the logged in user will become the application owner of any newly created applications. Please let me knw if you need more details.
Step by Step Explanation:
> created a user called "testuser" with User role and granted Application creator rights.
> created a another user called "user_admin_test" user with Admin
> User role and granted "Security and Permissions Administrator" rights
> Now when login to ASAP with testuser, we are able to create an application "TEST_CA_APP1"
> We now login to ASAP with "user_admin_test" but we cannot see any applications under the application structure tab in the permissions management
> Now we login to ASAP with Superuser, in the permissions management
> we can see that the testuser has can view application and application owner rights on TEST_CA_App1. Only now they are able to assign permissions to other users on TEST_CA_App1.
> we also tried assigning Server admin and General Sys admin roles to "user_admin_test" but that did not help.
Our requirement is as follows:
Actually my question is step deeper in this. Once the application is created by Application Creator, now the Security and Permission administrator want to assign roles to different users for the same newly created application (for ex: env admins and so on..). But the Sec and Permission is not able to view this application at all, unless superuser login and provide view to Sec and Perm. administrator.
I understand now , your correct that this is the default behaviour. i would recommend raising an idea in the ideation system so we can pass this requirement to the Product Management team,