prasenjitmass Respected Contributor.
Respected Contributor.
134 views

Restrict user to open workflows from userapp

Hi,
uaadmin and all the users in eDirectory can see and run all the workflows by default. Our requirement is to give permission to run workflows to few specific users of eDirectory. Can anyone tell how to restrict / allow specific users for workflows. In a NetIQ document it stated that "use NetIQ eDirectory to add an Inheritance Rights Filter (IRF) on the AppConfig container, which is located under the User Application driver" .
We have put permisison to object [public], entry rights for a trustee --> inherit and mention that user in workflow trustee option. But it is not working.
Can anyone help?
Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Restrict user to open workflows from userapp

On 6/12/2019 3:54 AM, prasenjitmass wrote:
>
> Hi,
> uaadmin and all the users in eDirectory can see and run all the
> workflows by default. Our requirement is to give permission to run
> workflows to few specific users of eDirectory. Can anyone tell how to
> restrict / allow specific users for workflows. In a NetIQ document it
> stated that "use NetIQ eDirectory to add an Inheritance Rights Filter
> (IRF) on the AppConfig container, which is located under the User
> Application driver" .
> We have put permisison to object [public], entry rights for a trustee
> --> inherit and mention that user in workflow trustee option. But it is
> not working.
> Can anyone help?


If you can see the workflow, via eDir permissions from your logged in
user, you can run it.

So, in eDir (via LDAP or iManager) find the Driver Set, then the User
App object (whatever you named it), then there is an AppConfig
container. Now they say block it at the AppConfig level, I would have
though you could do it at the RequestDefs container, but follow the docs.

First, make sure to grant uaadmin and admin SRWECMA permissions directly
at the level you wish to fiddle with. Make this object and attribute
permissions, just to be safe. I.e. Explicitly grant them permissions.

Then you can set an IRF that blocks inheritance of Read and Browse
permissions. This way, the default permission that everyone gets to see
the entire tree is blocked.

Now when you add trustees specifically, the users get permissions to see
it, and it should block everyone, allow only those you chose.


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.