06-28-2013 02:32 AM
We are currently on a trial run with CIAC, and I am testing User Management with an Organization Tech Admin account (OTA).
To my surprise, when adding a user and selecting "existing user", I can see every account currently on Cloud Portal, and even successfully add a user from another organization to my organization.
Is there any way so that an OTA can see only the users in their own organization?
06-28-2013 06:33 AM
Hung, once the user has been assigned to an organization in IAC, a subsequent assignment of this same user to another organization should present you (the OTA) with an alert informing you that this user is being relocated from one organization to the next. IAC 4.0 will embed multi-tenancy into all services, including this people picker. IAC 4.0 will introduce two new tenant-level roles - the Tenant Technical Administrator (TTA) and the Tenant Business Administrator (TBA). It's worth noting that the behavior of 4.0 will be such that as a TTA, when selecting an existing user, the division between which users will be shown in this list will be on the order of tenants, not organizations.
07-14-2013 08:29 PM
I just figured out a way to limit the OTA from seeing other users. It's a permission in the Organization Designer Module, which is "Read all Person". But the OTA can still see all Organizations also (Org Management portlet).
So there's a lot of things to be done with CIAC for a Hosted Private Cloud model like ours.
BTW, could you please share any information regarding when the 4.0 version will be released?
08-02-2013 03:12 AM
I've been able to remove the admin role from a site administrator with an OTA.
I know there are issues when you log in with a user, then log out and log back in with another user: CIAC considers that you are still the previous user (I've encountered the issue several times in portlets in the nsapi requests). I don't know if/how those issues are related, but I'd say that the logout/login issue where a user has the same rights as the previous user should be fixed.
Changing OTA rights will not change that particular issue.
For the moment, what we've done is create our own servlet for requests to the sql DB, and our own roles for most services.
Let's see what v4 has in store for us.