In addition, allow for the staging server to be independent of the production server for users. Two examples would be to be able to inactivate a user without having to migrate the change and allow for the user cache to be refreshed without taking a production outage.
I had to take a production outage to refresh the staging server because a user was removed from the ldap server but they still existed in the user cache.
It would be very beneficial to have a method for enrolling new users in Integrity without the need of the admin client. The teams that perform user-enrollment do not need the full capability of the admin client. The present a problem with adhering to IT and security policies within our organization.
Clarification: This means adding an LDAP user, or MKS domain user, to a group BEFORE that user has ever logged into Integrity.
I#d like to have one Mask in which I can set all access rights to the different parts of the Integrity tool. I do not want to switch between the different masks of the different tool parts to set the basic access rights for a user.
For Source, some kind of ACL template would also be helpful. This would avoid the (errorprone) need to click through every single ACL field for new users/groups.
Here, most users/groups always have the same ACLs, maybe differing by allowed read/write access to a project.
Regarding the point you mentioned - check a user's access right onto a project node directly at the node and not only via the admingui function "Evaluate ACL"
I am guessing you think a feature in si client gui could be useful to evaluate a specific user's access rights on a project node (or maybe even on a member)? Basically without a need to go to admin GUI, you need an ability to evaluate the entire ACL structure for a user?
I have a pretty decent solution configured for my user management. i shared my solution with the group at liveworx.
I have been able to configure a solution where project access is handled using triggers. The projects and project leaders handle their own access control by simply adding the user to defined roles in the project item for example. we use triggers to handle all the back-end work, with groups, project visibility, dynamic groups. I've also implemented a user item that gives user a snap shot of all projects they have access to and what permissions they have
other features that will be great is
1. User activity tracking dashboard or table. When did user log-on? how long were they logged on? etc
2. Better control with cascading user access. Right now, when a user is given access to a group, the user gains access to any other group that may have given previous group and any other group that may have also given access to previous group. They is no way to limit the access or even just track what indirect group access they have as a result of addition to a single group
i can talk more about this when we have the meeting.
I want to be able to see quickly and easily which user has which permissions in which projects. This includes both static and dynamic groups as well as projects and subprojects with and without inheritance.
I also want to be able to follow the other direction quickly and easily, for example if a dynamic group is used to map roles that have different members in different items according to projects and subprojects.
Of course I want to be able to edit these groups and projects in this simple overview. And i dont want to stage this in a staging couple.
A lightweight user management interface in the form of Simplified User Management has been introduced in the Refreshed Web UI. This UI will be expanded further to incorporate more features.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
