We are facing issue with license setup vs access rights.
We did verify the instance, OBS and global rights for that resource but we are seeing few rights at license portlet(of type FULL) those not there at resource access rights level.
Resources with no groups have ‘mystery’ additional rights which cannot be removed.
After further digging from SAAS side, we see Rights by User portlet is using views in the query which might be creating this discrepancy (user account access rights and Rights by User portlet results are not same).
FROM cmn_sec_groups_v s,cmn_lic_lookup_v v,cmn_sec_users u,cmn_lic_right_v r
WHERE s.id in ( SELECT right_id
FROM cmn_lic_users_v
WHERE [email protected]:param:xml:integer:/data/user_id/@[email protected])
AND EXISTS (select 1
FROM cmn_sec_chk_user_r_v0
WHERE object_id = 1
AND permission_code = 'AdminAccess'
AND user_id = @WHERE:PARAM:[email protected])
AND @[email protected]
Release : 15.9.2
Component : Clarity Users, Groups, OBS Administration
It was identified that user has rights directly assigned at the Department OBS unit level and that was the reason some users were getting additional rights. Removing those rights from OBS unit would reduce license count because users who assigned to those units will no longer getting those additional rights.