cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Did you know you can set a signature that will be added to all your posts? Set it here! X

Provide a way to elevate user permissions (normal user vs org admin vs site admin)

0 Kudos

Provide a way to elevate user permissions (normal user vs org admin vs site admin)

Status: Archived Submitted by 17-Peridot on ‎Oct 03, 2017 08:54 AM
3 Comments (3 New)

For organizations where users serve multiple roles in an implementation, but still need to see the system at the level where they are authorized.  This becomes more important as advanced authentication techniques are mandated by government and corporate policy (no basic authentication, CAC/Smartcard login, AD authentication tied to user accounts).  This would be essentially "elevating" the user to a higer level of access.

 

Scenario:  User A is a superuser who provides Org admin, Site admin, user support, and performs normal user duties within Windchill.

User_A is supporting a normal user and needs to verify that without admin, the system is working as expected as a normal user.

 

User_A finds out something is wrong and needs to reauthenticate as org_admin_A to investigate.  Issue is still not resolved, so user_A needs to login as site_admin_a to fix say a CAD publishing issue.

 

In the current scenario, Admin accounts are in Windchill DS where the normal user account is required to be in Active Directory.  When CAC/Smartcard is required, this would mean that anyone requiring access at multiple levels (test accounts, admin accounts) would be required to have multiple smartcards, certificates and Active Directory accounts, increasing org burden.

See more ideas labeled with:
3 Comments
BrianToussaint
19-Tanzanite
19-Tanzanite
‎Oct 04, 2017 07:40 AM
‎Oct 04, 2017 07:40 AM

Have you thought about using two different browsers, ie. Chrome and IE11?  Have User A login to Chrome and User_A login to IE11.

jbailey
17-Peridot
17-Peridot
‎Oct 04, 2017 07:58 AM
‎Oct 04, 2017 07:58 AM

Brian,

We do that now with browsers or sessions.

The problem revolves around being forced to use smart card authentication. With smartcard only / forms based with, you need an additional smartcard for each login (not cheap). Other alternatives would be to have each alternate ID certificate on a single card, but then for every smartcard login for the regular user, they would have to thumb through several more certificates to find the right login (and our org is unwilling to do this).  The third option is to customize our credential page for smart card login to utilize the username hint field, however our org has so far been unwilling to do this as well.

 

jim

 

 

olivierlp
Community Manager
Community Manager
‎Jan 05, 2022 09:39 AM
‎Jan 05, 2022 09:39 AM
Status changed to: Archived

Hello,

We are archiving your idea as part of a general review. This action is based on the age of your idea and the total number of votes received, as per this announcement.

You can always post a new idea with all the details required in the form.

Thank you for your participation.