3 Replies Latest reply on Feb 4, 2019 9:49 PM by 8paul

    GUI / Permission to change OOF

    swg

      Hello everyone,

       

      we put a person (not from IT) into charge for setting OOF if needed.

       

      We changed permissions for a role inside ARM config to only allow OOF

       

      The person with this ability logs into the ARM app  and sets OOF.

       

       

      BUT: The GUI shows too many sensisitve links e.g. Exchange logga. File logga e.g. is hidden.  This is not only confusing but also seems inconsequent.

       

      Is it possible to limit the GUI to only give the ability to look for mailboxes? Hide filesserver ressources etc and also remove any logga and report links inside the GUI?

       

      Not sure if it is meant to be used that way but since it is possible to set it up in user config of ARM....

       

       

      Thanks

        • Re: GUI / Permission to change OOF
          8paul

          Hi swg,

           

          what role are you using for that? Data Owner roles (bright green) should only see actions that are enabled for them in the client as well as resources they have been explicitly assigned (at least) read access to.

          If the user sees more than is defined in his role / data owner configuration then please make sure that the user does not actually get another role assignment through group membership.

           

          If a user is defined in the user configuration multiple times, for example through group memberships, the highest role will be applied. Not the one that has been specifically assigned, unless of course thats the highest.

           

          If you made sure that there are no role conflicts and the issue persists i would put that in as a bug report.

           

          Regards

          Paul

            • Re: GUI / Permission to change OOF
              swg

              Hi Paul,

               

              double checked the membership of the role and made sure the user has only been assigned to one role. Nothing has been allowed btw. We also deactivated the possibility to log in using both the app and web interface. We can login and we see Exchnage logga and reports etc.

               

              The role itself is the DataOwner role. Dont know fir sure, we renamed this role long ago to  'DataOwener test'.