8 Replies Latest reply on Mar 29, 2019 10:48 AM by bjoern-cusatum

    GUI / Permission to change OOF


      Hello everyone,


      we put a person (not from IT) into charge for setting OOF if needed.


      We changed permissions for a role inside ARM config to only allow OOF


      The person with this ability logs into the ARM app  and sets OOF.



      BUT: The GUI shows too many sensisitve links e.g. Exchange logga. File logga e.g. is hidden.  This is not only confusing but also seems inconsequent.


      Is it possible to limit the GUI to only give the ability to look for mailboxes? Hide filesserver ressources etc and also remove any logga and report links inside the GUI?


      Not sure if it is meant to be used that way but since it is possible to set it up in user config of ARM....




        • Re: GUI / Permission to change OOF

          Hi swg,


          what role are you using for that? Data Owner roles (bright green) should only see actions that are enabled for them in the client as well as resources they have been explicitly assigned (at least) read access to.

          If the user sees more than is defined in his role / data owner configuration then please make sure that the user does not actually get another role assignment through group membership.


          If a user is defined in the user configuration multiple times, for example through group memberships, the highest role will be applied. Not the one that has been specifically assigned, unless of course thats the highest.


          If you made sure that there are no role conflicts and the issue persists i would put that in as a bug report.




          • Re: GUI / Permission to change OOF



            the start page of ARM always shows some sort of reports. This is, as of now, not configurable. Only Logga reports can be deactivated.

            Since the user only needs to set OOF on mailboxes, make sure the data owner configuration limits his ressources. Create a category like "OOF Users" and configure it somewhat like this:



            This way he only sees the mailboxes. The reports will still be shown on the start page, but most of them are now useless because there are no more ressources.

            The starting page is currently working as intended. It would need a feature request to Solarwinds to change this.


            If he still sees more ressources than configured and/or can do more than configured, please make sure only one user role is valid for him.

            A user can have more than one role when he's a member of one or more cofigured groups (plus possible direct permission) which have permissions in ARM.

            The user management first checks the access denied category and then the existing ones from left (Administrator) to right (Requester (employee)).

            The first category that matches him will set his permissions. All others will be ignored.