Provide access to edit only specific roles

Ashish_S_R1 · April 17, 2019, 11:14am

Dear Experts,

We have a scenario where our MWS is connected to LDAP. We have certain MWS system administrators as well.
We often get requirements where the Operations team (we have a role created for Operations team and added certain users) need to add a new member to existing role in MWS.
However, the operation team do not have access to edit roles.
Now, if we give access to the operations team to edit roles, then they can actually add themselves as Administrator or edit any Administrator based roles.
Is there a way where we can grant them access to edit only specific roles and not all roles.?

Thanks,
Ashish

Mahesh_K_Sreenivas · April 17, 2019, 1:27pm

If these roles/users on MWS, then have you tried writing a java service using the class “com.webMethods.sc.directory.*” to check and edit the roles (add/removed users), wrap it in a flow service and expose it as a restful API.

fml2 · April 18, 2019, 8:31pm

AFAIK this is not possible with the default GUI.

As was previously stated, your best option is probably to disable role editing in the standard GUI and then provide your own access with finer grained permission system (you’ll have to implement it yourself).