- Legacy Admin user management for a scoped Domain shows all directories
- Issue Details :
- Domain name in Adminui is --> "testDomain", and this Domain is linked to DIRA (only)
- Create a legacy Admin --> pruadmin from Adminui
<Legacy Administrator: testadmin>
Name --> testadmin
System or Domain--> Domain
Tasks --> Manage Users
Scope Domains --> testDomain
- Once done, access the Adminui through https://<adminui_host>:8443/iam/siteminder/adminui (testadmin/password)
- Once loaded, you will see that the menu only shows Administration tab --> users --> Manage User accounts
However, all the directories created in the policy store are listed, while the expectation is that only DIRA, the only directory linked to the domain assigned in the scope of the Admin, should be listed.
Release : 12.8
Component : SITEMINDER WAM UI
By design, a legacy administrator with the "Manage Users" task permission can also control the users from all the directories. The scope of "Manage Users" is not limited to the domain selected.
The domain scope selection functionality is applicable to "Manage Domain Objects" tasks but not to "Manage Users".
It is recommended to use an Administrator (not a legacy administrator) from an external store for fine-grained access control to the policy objects.