Hello guys,
Do you know if it’s possible to assign the access to the screen: Assigne Roles to the Application Owners and to restrict their access to the Categories the manage (as set in the screen Assigned Profiles) ?
Here is the only documentation that I found: Review Assigned Roles | Netwrix Product Documentation but there is no mention of using an AccessControlRule or anything else to filter the access.
Sincerely,
Hello Massil,
It is not possible yet but this feature should be released soon, it is currently in beta test.
Best,
Thomas
Thanks @THaudot for your reply !
@Maxxil Let me know if you are interested in testing this feature in beta, and I’ll send you the information.
Hello,
You can use this XML code with your application owner profile :
<!-- Access control rules for Assigned Roles Screen with a filter on category -->
<AccessControlRule Identifier="ApplicationOwner_Directory_User_Custom_ProvisioningPolicy_AssignedRoles_Directory_User" DisplayName_L1="Application Owner - Assigned Roles" DisplayName_L2="Propriétaire d'application - Rôles assignés" EntityType="Directory_User" Profile="ApplicationOwner">
<Entry CanExecute="true" Permission="/Custom/ProvisioningPolicy/AssignedRoles/Directory_User" />
</AccessControlRule>
<AccessControlRule Identifier="ApplicationOwner_AssignedCompositeRole_Custom_ProvisioningPolicy_AssignedRoles_Directory_User" DisplayName_L1="Application Owner - Assigned Roles " DisplayName_L2="Propriétaire d'application - Rôles assignés " EntityType="AssignedCompositeRole" Profile="ApplicationOwner">
<Filter Binding="Role.Category.Id" Category="true" />
<Entry CanExecute="true" Permission="/Custom/ProvisioningPolicy/AssignedRoles/Directory_User" />
</AccessControlRule>
<AccessControlRule Identifier="ApplicationOwner_AssignedSingleRole_Custom_ProvisioningPolicy_AssignedRoles_Directory_User" DisplayName_L1="Application Owner - Assigned Roles " DisplayName_L2="Propriétaire d'application - Rôles assignés " EntityType="AssignedSingleRole" Profile="ApplicationOwner">
<Filter Binding="Role.Category.Id" Category="true" />
<Entry CanExecute="true" Permission="/Custom/ProvisioningPolicy/AssignedRoles/Directory_User" />
</AccessControlRule>
<AccessControlRule Identifier="ApplicationOwner_SingleRole_ProvisioningPolicy_AssignedRoles" DisplayName_L1="ApplicationOwner_SingleRole_ProvisioningPolicy_AssignedRoles" EntityType="SingleRole" Profile="ApplicationOwner">
<Filter Binding="Category.Id" Category="true" />
<Entry CanExecute="true" Permission="/ProvisioningPolicy/SingleRole/Query" />
</AccessControlRule>
<AccessControlRule Identifier="ApplicationOwner_Category_ProvisioningPolicy_AssignedRoles" DisplayName_L1="ApplicationOwner_Category_ProvisioningPolicy_AssignedRoles" EntityType="Category" Profile="ApplicationOwner">
<Filter Binding="Id" Category="true" />
<Entry CanExecute="true" Permission="/ProvisioningPolicy/Category/Query" />
</AccessControlRule>
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.