Read-only access to LSA

Sort:
You are not authorized to post a reply.
Author
Messages
Leonard Courchaine
Veteran Member
Posts: 55
Veteran Member

    Hi,

    Wondering if anyone out there has had success with setting up a read-only view of LSA??  

    We have some functional superusers that would like to be able to use the tool to view attributes of users in their department but don't want/need to change anything.

    So far, I've had **some** sucess in that I created the following roles:
    - ADM Profile - set up one security class (SuperInquiry) with Deny All for all objects except SERVER. For SERVER I have I and InqTypeRole. (otherwise you can't login to LSA)
    - RM Profile - set up one security class (SuperInquiry) with Inquire access to all RM attributes.

    This *seems* to *mostly* work but it doesn't restrict Manage Identities, for some reason.  I'm trying to figure out where that's controlled.

    Thanks very much for any thoughts you might have!
    Lenny
    leonard.courchaine@choa.org

    Brian Allen
    Veteran Member
    Posts: 104
    Veteran Member
      I've setup sub-admins before for functional areas with rules for only accessing roles that start with "FN" for finance for example, but I don't recall any way to control the identities if someone has access to the security administrator.
      Leonard Courchaine
      Veteran Member
      Posts: 55
      Veteran Member

        Hi all,

        Quick update:  We discovered that I was using an older v10 of LSA.  I updated to the newest at the recommendation of Infor Support and now I'm seeing Identities and Services objects.  So I'll move forward from there.  But I'd still be interested in knowing details about how others have done this if you have.

        Thanks!

        Xin Li
        Veteran Member
        Posts: 133
        Veteran Member

          Hi Leonard,

          Have you been successfully secure identities and Service in "Manage Identifies" screen? I have created a Role for sub-administrator and created security class that deny access to identity and service. However, it won't work. Sub-Administrator is still be able to change and delete and add in "Manage Identities" Screen. Wonder whether you have any success with that.

           

          Leonard Courchaine
          Veteran Member
          Posts: 55
          Veteran Member
            Hi,
            Wow! It's been a while! Turned out to be a bug that was getting fixed with a later environment patch. I never have gotten back to it to verify/try further. Sorry!
            We're on v10 now with ISS and are just as bummed that we can't easily lock out certain ISS functionality!! Future enhancement maybe?!
            You are not authorized to post a reply.