Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

GUI / Permission to change OOF

Hello everyone,

we put a person (not from IT) into charge for setting OOF if needed.

We changed permissions for a role inside ARM config to only allow OOF

The person with this ability logs into the ARM app and sets OOF.

BUT: The GUI shows too many sensisitve links e.g. Exchange logga. File logga e.g. is hidden. This is not only confusing but also seems inconsequent.

Is it possible to limit the GUI to only give the ability to look for mailboxes? Hide filesserver ressources etc and also remove any logga and report links inside the GUI?

Not sure if it is meant to be used that way but since it is possible to set it up in user config of ARM....

Thanks

Find more posts tagged with

Accepted answers

All comments

8paul

Hi swg,

what role are you using for that? Data Owner roles (bright green) should only see actions that are enabled for them in the client as well as resources they have been explicitly assigned (at least) read access to.

If the user sees more than is defined in his role / data owner configuration then please make sure that the user does not actually get another role assignment through group membership.

If a user is defined in the user configuration multiple times, for example through group memberships, the highest role will be applied. Not the one that has been specifically assigned, unless of course thats the highest.

If you made sure that there are no role conflicts and the issue persists i would put that in as a bug report.

Regards

Paul

swg

Hi Paul,

double checked the membership of the role and made sure the user has only been assigned to one role. Nothing has been allowed btw. We also deactivated the possibility to log in using both the app and web interface. We can login and we see Exchnage logga and reports etc.

The role itself is the DataOwner role. Dont know fir sure, we renamed this role long ago to 'DataOwener test'.

8paul

Hi swg,

can´t test to confirm that behaviour right now.

I´m pretty sure that this is not how it´s supposed to behave. Please let your rep know to put in a bug report for this.

Best

Paul

allmecht

Hi swg,

if the data owner sees the reports, exchange logga, etc then the data owner role is misconfigured. You can definitly disable all of it and the data owner won't see it.

I tested it with my ARM. It works definitly.

Regards

swg

Thx for testing it.

I double checked again. The role has only OOF enabled. The rest is . Don't know where else to check, but it is not important anymore. We provided that person another way to do it

bjoern-cusatum

Hi,

the start page of ARM always shows some sort of reports. This is, as of now, not configurable. Only Logga reports can be deactivated.

Since the user only needs to set OOF on mailboxes, make sure the data owner configuration limits his ressources. Create a category like "OOF Users" and configure it somewhat like this:

2019-03-29 16_27_56-arm.local (192.168.18.1) - Remote Desktop Connection Manager v2.7.png

This way he only sees the mailboxes. The reports will still be shown on the start page, but most of them are now useless because there are no more ressources.

The starting page is currently working as intended. It would need a feature request to Solarwinds to change this.

If he still sees more ressources than configured and/or can do more than configured, please make sure only one user role is valid for him.

A user can have more than one role when he's a member of one or more cofigured groups (plus possible direct permission) which have permissions in ARM.

The user management first checks the access denied category and then the existing ones from left (Administrator) to right (Requester (employee)).

The first category that matches him will set his permissions. All others will be ignored.

Cheers

Björn