Hi,
Wondering if anyone out there has had success with setting up a read-only view of LSA??
We have some functional superusers that would like to be able to use the tool to view attributes of users in their department but don't want/need to change anything.
So far, I've had **some** sucess in that I created the following roles: - ADM Profile - set up one security class (SuperInquiry) with Deny All for all objects except SERVER. For SERVER I have I and InqTypeRole. (otherwise you can't login to LSA) - RM Profile - set up one security class (SuperInquiry) with Inquire access to all RM attributes.
This *seems* to *mostly* work but it doesn't restrict Manage Identities, for some reason. I'm trying to figure out where that's controlled.
Thanks very much for any thoughts you might have! Lenny leonard.courchaine@choa.org
Hi all,
Quick update: We discovered that I was using an older v10 of LSA. I updated to the newest at the recommendation of Infor Support and now I'm seeing Identities and Services objects. So I'll move forward from there. But I'd still be interested in knowing details about how others have done this if you have.
Thanks!
Hi Leonard,
Have you been successfully secure identities and Service in "Manage Identifies" screen? I have created a Role for sub-administrator and created security class that deny access to identity and service. However, it won't work. Sub-Administrator is still be able to change and delete and add in "Manage Identities" Screen. Wonder whether you have any success with that.