Friday, May 16, 2008

Granting Users Limited Design Console Access

Sometimes you want to share responsibility to maintain a resource or any other item of a design console with another user who does not belong to Administrator group.

Here, I show you with a technique to grant limited access of design console to users. You can have different groups having different access of design consoles.

1. Modify the user profile User-Type attribute to be "End-User Administrator" instead of "End-User".





Now, after this change, you can log in to the design console. But, you will not be able to see any items. That is because we explicitly need to give access to the menu items.



If you do not do the above said change, you will get the following error.



2. Go to your OIM web application and create a Group, say, "DESIGN CONSOLE MID ADMINS" using your web application and make this user member of the group.





3. Next, login to OIM design console as system admin (xelsysadm or whatever id you use) and authorize the menu items as well as the explicit individual items you want the "DESIGN CONSOLE MID ADMINS" members to see. For example, I will demonstrate an IT Resource called "Excel Sheet", that these members will be able to Read only. You can also assign Write and / or Delete with any combinations.



4. Go to the IT Resource and then navigate to the Administrator tab. Assign your group - "DESIGN CONSOLE MID ADMINS" to the resource and check off the rights you want this group to have. This will ensure to give members of this user the permission to explicitly look at the details of the IT Resource.




5. Now, you are ready to login as this user.

No comments: