Despite using RBAC the User Interface seems to need users matching the OS-user

Hello DP-admins/users/developers, this is a question about the concept of RBAC users.

I enabled RBAC in a test installation of DP_24.4 on a Linux-CM and created an account for me, matching my primary PCs name and domain.
Then I added my secondary PC as client with component User Interface and tried to log on with my account, there.

But, instead of a logon screen, I got the error:

"You do not have access to any functionality in this cell.
Contact you administrator for details.
12:4045"

After some detective work, I created a second account for me where the name of the PC matches my secondary PC, . . .
. . . and now, I get a logon screen. . .
. . . and I can logon there with my PRIMARY account!

That brings up the questions: What sense does this make? Is that a bug or kind of enhanced security?

Does anybody have experience of using RBAC in productive environments or is that feature still experimental?

Best Regards

  • Verified Answer

    +1  

    Hello

    It makes sense, when you create a user, the "web user name" is automatically created and is composed of the username, domain and client name, but it is also associated with a specific client as you can see in the image.

    Therefore the user name for login is "2fa|jmbdp.local|sov02dp34.jmbdp.local" and can be used in whatever cell client or from whatever client using web console, it doesn't restrict access just to an specific client.

    Best Regards

    Jose Maria Basilio

    Although I am an OpenText employee, I am speaking for myself and not for OpenText.
    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button.

  • 0 in reply to   

    Hello Jose,

    thanks for your answer. But, when I understand that correct, then that is an option for far future, when manager.exe is replaced by any webbrowser.

    As long as manager.exe is the only inferface for nearly all functions, I will need an account for every operating-system-user on every client where I want to administer, cause manager.exe won't work without that.

    Best Regards.

  • 0   in reply to 

    Hello

    Yes you are right, I don't think so anyway that GUI console will be removed in a near future.

    Best Regards

    Jose Maria Basilio

    Although I am an OpenText employee, I am speaking for myself and not for OpenText.
    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button.