List objects where I'm secondary owner

Hello. I'm trying to customize the Self Service web portal. When I go to "My Managed Resources", it shows a list of groups where I'm Primary owner (i.e. managedBy). Is there a way to customize this so that it would also show objects (both users and groups) where I'm the secondary owner?

If this is not possible to accomplish by customizing the self service portal, what would be an alternative way to do this?

Thanks.

  • I realize this may not really answer your question, but if you go into the ARWEBAdmin site, select a user and select Entitlement Profile, you can see what objects they are secondary owner of in there.

  • Thank you for the suggestion, but it wouldn't really work for our users. I have explained what I'm trying to do in more detail in another message.

  • I'll explain what I'm trying to do in more detail. Maybe, there is another way to do this. We have a number of users who will manage other accounts that also belong to them. These accounts are mostly set up for specific use cases and reside in many different OUs. We need the users to be able to only reset passwords on these managed accounts. Because there is no easy way to delegate permissions to each user for the accounts they manage, we thought we would make the user "Secondary Owner" of these managed accounts. What I'd like to be able to do is see all these managed accounts in one place when a user logs into the web portal (I'm using Self Service but I can change it to the Admin or Helpdesk site if necessary). So, the question is: is there a way to list all the accounts for a user who is secondary owner of these accounts?

    Hope this clarifies my goal a little better.

  • Also, if developing a custom page would accomplish this, I would be open to hearing how that could be done. Thanks.

  • Because there is no easy way to delegate permissions to each user for the accounts they manage, we thought we would make the user "Secondary Owner" of these managed accounts.

    There IS a way to delegate to those accounts where one is Secondary Owner.

    I would suggest setting up a Managed Unit where the membership rule consists of all objects with a secondary owner defined, i.e. edsvaSecondaryOwnerGUIDS is present.

    Then, delegate to the AR built-in security principal "Secondary Owners":

    View access to all user objects (this will filter out objects where the logged in user is not secondary owner)
    Whatever other rights you want (in my example I have delegated "Write All Properties")
    The ability to Traverse Managed Unit

    [Screenshot: Managed Unit Delegated Permissions]

    [Screenshot: Traverse Managed Units Access Template]


    NOTE:  This assumes that you have NOT granted all users of Active Roles the ability to read all objects in AD.