Org Tech Admin can add user from other org?

Hungnt_sbd
Level 1

We are currently on a trial run with CIAC, and I am testing User Management with an Organization Tech Admin account (OTA).

To my surprise, when adding a user and selecting "existing user", I can see every account currently on Cloud Portal, and can even successfully add a user from another organization to my organization.

Is there any way so that an OTA can see only the users in their own organization?

3 Replies

Lee Calcote
Level 3

Hung, once the user has been assigned to an organization in IAC, a subsequent assignment of this same user to another organization should present you (the OTA) with an alert informing you that this user is being relocated from one organization to the next. IAC 4.0 will embed multi-tenancy into all services, including this people picker. IAC 4.0 will introduce two new tenant-level roles - the Tenant Technical Administrator (TTA) and the Tenant Business Administrator (TBA). It's worth noting that the behavior of 4.0 will be such that as a TTA, when selecting an existing user, the division between which users will be shown in this list will be on the order of tenants, not organizations.    

I just figured out a way to limit the OTA from seeing other users. It's a permission in the Organization Designer Module, which is "Read all Person". But the OTA can still see all organizations as well (Org Management portlet).

So there are a lot of things to be done with CIAC for a Hosted Private Cloud model like ours.

BTW, could you please share any information regarding when the 4.0 version will be released?

I've been able to remove the admin role from a site administrator with an OTA.

I know there are issues when you log in with a user, then log out and log back in with another user: CIAC considers that you are still the previous user (I've encountered the issue several times in portlets in the nsapi requests). I don't know if/how those issues are related, but I'd say that the logout/login issue where a user has the same rights as the previous user should be fixed.

Changing OTA rights will not change that particular issue.

For the moment, what we've done is create our own servlet for requests to the SQL DB, and our own roles for most services.

Let's see what v4 has in store for us.
