We have configured ITop as multy tanent envonrment. All customer are a seperate entity. I have not given them admin tools access as till now we are manageing all user creations/notificaiton/reports etc.
But now tanents are requesting atleast user creation access. But we don't want them to create Administrator user. Otherwise they wil mess it up.
I found there is a Admin tool daligation extension but that is not based on organization level.
We are looking for some workaround at present, can someone advise on this? I was thinking to hide the Administrator Profile form the Profiles menu but there is no option.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
You want each tenant to be able to create/update/delete users only for their organization, and disallow to pick the admin profile ? Did I understood correctly ?
👍
2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
From: Pierre Goiffon [mailto:pgoiffon@users.sourceforge.net]
Sent: Wednesday, December 18, 2019 4:06 PM
To: [itop:discussion]922360@discussion.itop.p.re.sourceforge.net
Subject: [itop:discussion] Restricted admin rights to Organization
Hello,
You want each tenant to be able to create/update/delete users only for their
organization, and disallow to pick the admin profile ? Did I understood
correctly ?
Admin Tools delegation does handle Allowed organizations.
If you give to a user the profile "User Manager" with some "allowed organizations" then that user will be able to create users within those organizations and with allowed organizations limited to those he has. He cannot provide the profile "Admnistrator" but he can give all other profiles including those that he does not have himself.
I was hoping that this was in the wiki of the extension. I will add it as it was not.
👍
1
Last edit: Vincent @ Combodo 2019-12-18
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I just re-checked again in the system again. I gave User Manager permission to a user called U1 and he is also under Organization A. Other are other Organization as well where he is not added. When U1 is login and he is able to see all other users from other organizations too. Normally this he should not be able to see all other users also.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
We have configured ITop as multy tanent envonrment. All customer are a seperate entity. I have not given them admin tools access as till now we are manageing all user creations/notificaiton/reports etc.
But now tanents are requesting atleast user creation access. But we don't want them to create Administrator user. Otherwise they wil mess it up.
I found there is a Admin tool daligation extension but that is not based on organization level.
We are looking for some workaround at present, can someone advise on this? I was thinking to hide the Administrator Profile form the Profiles menu but there is no option.
Hello,
You want each tenant to be able to create/update/delete users only for their organization, and disallow to pick the admin profile ? Did I understood correctly ?
Yes, this is exactly what we need.
Regards, Lalit
From: Pierre Goiffon [mailto:pgoiffon@users.sourceforge.net]
Sent: Wednesday, December 18, 2019 4:06 PM
To: [itop:discussion] 922360@discussion.itop.p.re.sourceforge.net
Subject: [itop:discussion] Restricted admin rights to Organization
Hello,
You want each tenant to be able to create/update/delete users only for their
organization, and disallow to pick the admin profile ? Did I understood
correctly ?
Restricted admin rights to Organization
https://sourceforge.net/p/itop/discussion/922360/thread/2f03400e6c/?limit=2 5#abbe
Sent from sourceforge.net because you indicated interest in
https://sourceforge.net/p/itop/discussion/922360/
To unsubscribe from further messages, please visit
https://sourceforge.net/auth/subscriptions/
Yes, You understood it correctilly.
Admin Tools delegation does handle Allowed organizations.
If you give to a user the profile "User Manager" with some "allowed organizations" then that user will be able to create users within those organizations and with allowed organizations limited to those he has. He cannot provide the profile "Admnistrator" but he can give all other profiles including those that he does not have himself.
I was hoping that this was in the wiki of the extension. I will add it as it was not.
Last edit: Vincent @ Combodo 2019-12-18
I just re-checked again in the system again. I gave User Manager permission to a user called U1 and he is also under Organization A. Other are other Organization as well where he is not added. When U1 is login and he is able to see all other users from other organizations too. Normally this he should not be able to see all other users also.
You're right, this iTop bug is fixed in the 2.7.0 version planned for April.
https://www.itophub.io/wiki/page?id=2_7_0%3Arelease%3A2_7_whats_new
The beta 2.7.0 is released tomorrow.
Great, Thanks for the informaiton. It worked, i will start testing the leta version.