Security

Reply
Highlighted
New Contributor

Clearpass operator filter

Hi,

 

Is there any solution to operators i a profile to controlling and overwriting 2 roles but only view the ones created by themselves(one of roles)?

 

I have operators that creates guest users with extended time. These guest user get the role "Longterm". But when the guest have allready created a user with self registration they get the role "Guest".

 

I have managed to fix the overwrite from the operator side when guest user already existed with the variable auto_update_account hidden value.

 

This works when I then select the roles "Guest" and "Longterm" under "User Roles:" which is the roles that these operators are permitted to use.

But I dont want the operator of this profile to view all the guests in the whole network, only the ones they created. So the Operator filter was set to "Only show accounts created by operator with this profile"

This work for the view part. But overrides the "User Roles:" part and cannot overwrite guest users anymore.

 

It seems that view and use is the same in these two settings.

 

In all I want the operator of this profile to edit/overwrite "Guest" and "Longterm" but only view "Longterm" in the manage section, is this possible in any way?

 

Best regards,

Mats

MVP Expert

Re: Clearpass operator filter

Simple question - If the operator can't view the entry with role of "Guest" how would they be able to update them? Sounds like the ones they create might need a unique role seperate from the self-registration accounts if you only want them to edit the ones that have been manuallye entered. If you want them to have access to self-registrations as well, then you need to allow them access to both Guest and Longterm I believe. Can't modify what we can't see.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
New Contributor

Re: Clearpass operator filter

Hi,

 

So the "Longterm" role is defined if the operator creates the user, meaning if the user already exists as a Guest role after selv-reg, it will be overwritten og added as the "Longterm" role when the operator creates that user again.

 

The view is a matter of privacy for all the other guest users, So the operator only can see and manage the ones they create (Longterm role) but ofc can overwrite a guest role if they need to make it Longterm.

 

Im guessing what I ask for is not available thus to "what you can see, you can edit" policy it seems. But would be good if we could find a solution anyways.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: