Pseudo Admin Role

yalixie
New Contributor III

We created a customized application support security group (Pseudo Admin role) which excludes the accesses of cube view form input, JE create/post and user security provisioning.  This is required by internal control as segregation of duties.  We updated maintenance group setting with this Pseudo admin group in all applicable components. e.g. Workflow profiles, Transformation rule, dimensions, confirmation rules, Forms/JE template, Dashboards etc.  The limitations we confront are that the following components are accessible only to the default administrators.  Can we enable the discrete security settings to those components instead of default to admin only?  Thanks!

  1. System Diagnostic Dashboard
  2. CAT
  3. Extensibility business rules
  4. Database under System tab
6 REPLIES 6

JackLacava
Honored Contributor

The System / Security page has a System Security Role screen. That contains the "System User Interface Roles" section, which should regulate who can see the pages you mention. If you don't see, for example, "DatabasePage" in that list, either you are in a Cloud environment with some limitations (in which case, talk to Support), or you are on a very old version.

yalixie
New Contributor III

Thanks for comments! Jack

We did update "System User Interface Roles" with the Pseudo admin group, but still not allowing the users under this group to access the CAT and System Diagnostic.

Yali

JackLacava
Honored Contributor

Not sure what "CAT" is, but System Diagnostic is a Marketplace solution. Access to that will be governed by the Access Group set on the Maintenance Unit and the Dashboard Group (and the Workspace, in versions 7.3+ and if not in Default Workspace) that contain its Dashboards. Check on the Dashboards page, either in Application or System.

If that doesn't work, or works partially (e.g. the user sees the dashboard, but it doesn't load properly), it's possible the solution itself is doing some check in rules, which might be hardcoded to Administrators. In that case, get in touch with Support.

yalixie
New Contributor III

Thanks! Already connected with OS Support.  They will assess and get back. 

DBLCheck
New Contributor II

"CAT" or Cloud Administration Tools and System Diagnostics are both Administrator tools. Only a person with Administrator rights can use these tools. 

JosephChimbolo
New Contributor III

@yalixie I see you have answers to most of your questions.   System Diagnostics and CAT require Administrator roles to function.   Due to the nature of Database, access is restricted to full Administrators.  I will look to clarify the System User Interface Role for Database Page.   Lastly, access for Non-Administrators to edit Extensibility Rules was reviewed by Product Management and determined to be functioning as designed, not a defect.  The reason for this restriction is due to the potential impact on the health and performance an application.

Joseph Chimbolo

OneStream Product Advocate

 

OneStream Product Advocate