Legacy admin user management for scoped Domain showing all directories


Article ID: 234595


Products

SITEMINDER

Issue/Introduction

- A legacy administrator scoped to a domain sees all directories in user management.

- Issue details:

- The domain name in the Admin UI is "testDomain", and this domain is linked to DIRA (only).
- Create a legacy administrator from the Admin UI:

<Legacy Administrator: testadmin>
Name --> testadmin
System or Domain --> Domain
Tasks --> Manage Users
Scope Domains --> testDomain

- Once done, access the Admin UI through https://<adminui_host>:8443/iam/siteminder/adminui

- Once it has loaded, the menu shows only the Administration tab --> Users --> Manage User Accounts.

However, all the directories created in the policy store are listed, while the expectation is that only DIRA should be listed, because it is the only directory linked to the domain assigned in the administrator's scope.

Environment

Release : 12.8

Component : SITEMINDER WAM UI

Resolution

By design, a legacy administrator with the "Manage Users" task permission can also manage users from all the directories.

The scope of the "Manage Users" task is not limited to the selected domain.

The domain scope selection applies to the "Manage Domain Objects" task but not to "Manage Users".

It is recommended to use an Administrator (not a legacy administrator) from an external store for fine-grained access control to the policy objects.