Forum Discussion

yalixie's avatar
yalixie
New Contributor III
2 years ago

Pseudo Admin Role

We created a customized application support security group (Pseudo Admin role) which excludes the accesses of cube view form input, JE create/post and user security provisioning.  This is required by internal control as segregation of duties.  We updated maintenance group setting with this Pseudo admin group in all applicable components. e.g. Workflow profiles, Transformation rule, dimensions, confirmation rules, Forms/JE template, Dashboards etc.  The limitations we confront are that the following components are accessible only to the default administrators.  Can we enable the discrete security settings to those components instead of default to admin only?  Thanks!

  1. System Diagnostic Dashboard
  2. CAT
  3. Extensibility business rules
  4. Database under System tab
  • JackLacava's avatar
    JackLacava
    Honored Contributor

    The System / Security page has a System Security Role screen. That contains the "System User Interface Roles" section, which should regulate who can see the pages you mention. If you don't see, for example, "DatabasePage" in that list, either you are in a Cloud environment with some limitations (in which case, talk to Support), or you are on a very old version.

  • yalixie's avatar
    yalixie
    New Contributor III

    Thanks for comments! Jack

    We did update "System User Interface Roles" with the Pseudo admin group, but still not allowing the users under this group to access the CAT and System Diagnostic.

    Yali

    • JackLacava's avatar
      JackLacava
      Honored Contributor

      Not sure what "CAT" is, but System Diagnostic is a Marketplace solution. Access to that will be governed by the Access Group set on the Maintenance Unit and the Dashboard Group (and the Workspace, in versions 7.3+ and if not in Default Workspace) that contain its Dashboards. Check on the Dashboards page, either in Application or System.

      If that doesn't work, or works partially (e.g. the user sees the dashboard, but it doesn't load properly), it's possible the solution itself is doing some check in rules, which might be hardcoded to Administrators. In that case, get in touch with Support.

      • yalixie's avatar
        yalixie
        New Contributor III

        Thanks! Already connected with OS Support.  They will assess and get back. 

  • DBLCheck's avatar
    DBLCheck
    New Contributor II

    "CAT" or Cloud Administration Tools and System Diagnostics are both Administrator tools. Only a person with Administrator rights can use these tools. 

  • JosephChimbolo's avatar
    JosephChimbolo
    New Contributor III

    yalixie I see you have answers to most of your questions.   System Diagnostics and CAT require Administrator roles to function.   Due to the nature of Database, access is restricted to full Administrators.  I will look to clarify the System User Interface Role for Database Page.   Lastly, access for Non-Administrators to edit Extensibility Rules was reviewed by Product Management and determined to be functioning as designed, not a defect.  The reason for this restriction is due to the potential impact on the health and performance an application.

    Joseph Chimbolo

    OneStream Product Advocate