- In other words, ADMIN2 is created next to 'Administrator' (also known as 'ADM'):
This is necessary because the new user must be able to create new users inside every sub-group (for example 'Divisional Users').
However, because the user is now a member of this top-level group, it means that the 'special' user has (by default) administrative access to everything in Controller.
- Specifically, they can use every menu item, and have administrative access inside all of them:
- This is not what the customer wants.
Is there a quick and easy way to restrict the new user so that he/she can only create new users (in Controller) ?
Resolving The Problem
- In other words, they must be located inside the 'top-level' user group
- TIP: If you do not do this, then you will get symptoms such as those described inside separate IBM Technote #123191.
- Specifically, assign the user to belong to a new menu security group which only has access to one menu item ('Maintain - Rights'). For example:
- Create a new group 'ITDEPT' whose only menu item is the 'Maintain - Rights' menu item
- Afterwards, add the 'special' user(s) to this group.
- NOTE: The ADM user is a special user, so cannot be restricted, but other users (who belong in the same top group 'MAIN') can be restricted.
1. Launch Controller, and logon as an administrator (for example the user 'ADM')
2. Click 'Maintain - Rights - Security Groups'
3. Click 'New'
4. Call the new code something sensible (for example 'ITDEPT')
5. Highlight 'Company' and choose 'Not available'
6. Repeat step 5 for the following:
7. Expand 'Maintain'
8. Highlight 'Rights'
9. Change the Access Rights to 'Normal':
10. Press 'Save'.
- TIP: This has created a new Security Group (called 'ITDEPT') which has a restricted set of menu items.
- Any user which is a member of this group, will now get fewer available menu items (inside Controller).
11. Click 'Maintain - Rights - Users'
12. If you have not already created the new user, then:
- Change the 'Create New' choice to be 'User'
- Type in the details of the new user, for example:
- User ID (for example 'ADMIN2')
- Current Password
- Make sure that 'User Group Administrator' is ticked
- Click 'Save'
NOTE: At the current moment, this new user (for example 'ADMIN2') has access to all the menu items in Controller.
- The next step will restrict access to only one menu item.
13. Highlight the relevant user (for example 'Admin2') and choose 'Limitations'
14. Next to 'Menu Group' click '...' button
15. Choose the security group that we created earlier (for example 'ITDEPT')
16. Save changes
17. Test (by logging on as the new user 'ADMIN2')
- The choice of menu items should be restricted to only this one:
Was this topic helpful?
30 March 2020