How to create roles similar to administrator except without user management

book

Article ID: 209608

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration

Issue/Introduction

We have a requirement to create role similar to administrators except without user management and roles management.

Looks like if we do so then we will not be able to manage devices, profile creation etc.

Cause

By default, only the original administrator role has admin rights, even if all available rights have been added to that role.

Environment

Release : 3.7

Release : 20.2

Component : CA Performance Center

Resolution

Create a new role, and remove the desired rights:

..

Use REST to set your new role as an admin role.

  1. Replace YOUR-PC with your pc.
  2. Your password for admin will vary.
  3. Paste the url into a browser if it will not launch when clicked.

 

  1. Get the roleId

http://admin:[email protected]:8181/pc/center/webservice/roles/tenant/tenantName/Default Tenant/en-US

example return:

<role>

<roleId>500</roleId>

<name>test-role</name>

<description/>

<tenantId>8</tenantId>

<enabled>true</enabled>

<userCount>0</userCount>

<updatedOn>2021-03-02T11:29:17-05:00</updatedOn>

     2. Elevate that roleId to admin by doing a PUT using a REST client.

..

..

And now users that you add to this role have full admin rights, minus whatever you did or didn’t add.

 

You can verify this here, it only lists admin roles:

http://YOUR-PC:8181/pc/center/webservcie/roles/administratorRoles/en-US

 

.

 

Additional Information

This is the only place this is documented:

http://YOUR-PC:8181/pc/center/rest/roles/documentation

 

https://knowledge.broadcom.com/external/article/141578/

 

Attachments