Very confused with RDM permissions system
Hi,
RDM permissions system is very strange imho. It's different than general IT standards. I have a problem with simple case.
I have this kind of tree structure:
In general:
Countries -> Cities (sites) -> IT system groups -> connections entries
Very logical tree imho.
I have created security groups.
I have created roles and assigned to them security groups and set permissions.
I have created users and assigned roles to them.
And now I have the problem.
I have a scenario where some group has access to all subentries of Poland folder and is able to run connections and reveal all passwords except entries in AS* folder. For this folder they should be able to run connections but they are not allowed to reveal passwords.
I'm unable to achieve this with RDM. Am I doing something wrong? How to setup this kind of standard scenario? "Allow reveal passwords" in Roles looks like be used global instead of only on Role level.
edited by Bin on 7/7/2015
All Comments (4)
Hi,
That something that we want to eventually improve. We want to change the way the reveal password is handled but this is not a simple change. We don't have the Reveal Password right for now in the security group.
David Hervieux
It would be great to support this. Its quite annoying in my scenario to not be able to achieve this. Than you for fast answer... Need to find "the simplest" workaround now...
Guys, so settings in Role screen, Privileges tab are considered as Global for User who has this role assigned? Even if another Role (also assigned to him) has another settings? This is no connected with Roles and Groups security but apply as Global User rights? Can you confirm that/clarify? (looks like that because if I assign to user any Role with "allow reveal password" even if few other has this unchecked then user automatically has reveal password permissions.
Thank you.
Role A assigned to user:
Role B assigned to user:
User global permissions after these settings applied:
edited by Bin on 7/8/2015
Yes the role Privileges are added the user. This means it will become global.
David Hervieux