Page permissions are not properly working for a user that belongs for more than one group:

Page permissions are not properly working for a user that belongs for more than one group:

When a user is mapped to more than 1 group, the page permissions takes permissions from lower permitted group.

 

In our company all users are member of IT Department group which is the root group of LDAP. This group has limited permissions.

We are also member of special sub Monitoring- department which has admin permissions.

 

DEPARTMENT

  • USER01
  • USER02                                         - NORMAL USER ROLE
  • USER03

 

SUBDEVISION 01

  • APM USER01
  • APM USER02                             ADM USER ROLE
  • APM USER03

 

 

That is why we are in 2 groups with different permissions.

Monitoring Department has full permission, other IT Department members has permission to see MyBSM page only.

 

Current result:

We can see MyBSM page only, not the rest.

 

Benefits/Value:

How the permission concept from vendor works?

Is there an existing one?

 

Design details:

The user should take permissions from higher permitted group (Monitoring Department).

 

 

3 Comments
Visitor.. MBurkard
Visitor..

Important feature what is a requirement to fullfil the European finance bank security restrictions to be compliant for the European Federal Bank audit, not losing the rights to act in the finance sector as a bank.

Honored Contributor.. Richard Snader Honored Contributor..
Honored Contributor..

This has been a requested enhancement for a few years!  I haven't fooled with this in OMi too much, but I know that it can be a pain in the bunns. We have many folks that have varying levels of support and access to see screens.  Our Server platform teams need to see all of the servers, and most of the apps the servers are running.  But the app support teams don't need to see all of the servers.  If we add a server person to an app team role so that they can see the app team's dashboards, they lose the ability to see all of the servers...    Would really like to see the Security Permissions be an AND operation, not a Lowest Level operation.

Micro Focus Expert
Micro Focus Expert
Status changed to: Declined

We do not plan to offer this functionality for the current APM.

In future we are working on a tighter integration into the ITOM platform and the Operations Bridge. With this move we plan to improve  user management and consider this use case as well.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.