We have a requirement to create role similar to administrators except without user management and roles management.
Looks like if we do so then we will not be able to manage devices, profile creation etc.
By default, only the original administrator role has admin rights, even if all available rights have been added to that role.
Release : 3.7
Release : 20.2
Component : CA Performance Center
Create a new role, and remove the desired rights:
..
Use REST to set your new role as an admin role.
http://admin:[email protected]:8181/pc/center/webservice/roles/tenant/tenantName/Default Tenant/en-US
example return:
<role>
<roleId>500</roleId>
<name>test-role</name>
<description/>
<tenantId>8</tenantId>
<enabled>true</enabled>
<userCount>0</userCount>
<updatedOn>2021-03-02T11:29:17-05:00</updatedOn>
2. Elevate that roleId to admin by doing a PUT using a REST client.
..
..
And now users that you add to this role have full admin rights, minus whatever you did or didn’t add.
You can verify this here, it only lists admin roles:
http://YOUR-PC:8181/pc/center/webservcie/roles/administratorRoles/en-US
.
This is the only place this is documented:
http://YOUR-PC:8181/pc/center/rest/roles/documentation
https://knowledge.broadcom.com/external/article/141578/