This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow custom Role to add/remove Authorized User Role

Hi,

I've create RoleA. Idea is to mimic Administrative role but not tick "Administrative rights" check box.

This role is mainly for ID team to enable/disable, assign Roles to EmplDept.

RoleA

  • User Rights: I've assigned default "General full access"
  • Functional Rights: Custom "ID functional right" - this is required, as they only need to see Organzation function. Thats another reason i cant use 'administrative rights' check box.
  • Access Restriction: Custom to only allow ID mgmt role to be able to update the values

Issue:

One of the requirement is to remove the values in "Authorized user roles". Meaning ID team needs to tick and click Delete - to remove the role, then clear our the Roles used on connection.

On AM Web: The "Add" and "Delete" button is disabled/greyed out. 

On AM Client: I'm able to remove the Authorized user roles, but cannot add. Prompts this error "Unable to complete operation in current state."

Any ideas whats the cause?

TIA!

  • 0

    I cannot help you from the Web Client aspect, however from the AM Client, you seemed to have identified a bug.  Contact Micro Focus support.  Seems that minus button may only be associated with 'Administration rights (bAdminRight)', but not 100% sure as the background functionality behind that minus button could be the bug.

  • 0 in reply to 

    Thanks for your feedback Mark...I've logged a case. Will update if we have findings...

  • 0 in reply to 

    Sorry I didn't mention this earlier...I created a security role with full permissions of rights to all tables, and granted functional rights for all objects...the minus button was still greyed out, but the plus button was enabled like you wrote initially.  Good luck with Micro Focus support.

  • 0 in reply to 

    So I was compiling the screen shots for support....Then at the Functional rights, I decided to try Granting the "Rights > Full (Rights/Full) ONLY on this line. The Administration parent is still Denied.

    And IT WORKED. The Role is now able to Add and Remove "Authorized User Roles". :D I've tested on both Web and Client. Both are working.

    And on the navigation, the Administration does not show.

  • 0 in reply to 

    Go figure. This is now one of those "odd" items in the software where certain items work while others do not. My test had "Granted" at the Administration root level (I even "Granted by default"). This also means "Value of parent" does not really work (or not in all instances).

    Excellent you resolved on your own. If you want to test this out, you could try removing "Granted" for all but "User roles" and see if your requirement still works; the "User roles" is the only item you should really need to be able to Add/Remove from the Employee Profile tab.