Skip navigation
Currently Being Moderated

AdminUI question about default "Role(s)" for new user accounts

Sep 13, 2007 7:04 PM

I don't have LDAP connected to this LCES server to try this, so I thought I'll just post the question here instead:

when I manually create a user account in the Default Domain, one of the steps in the create user process is to assign some "Roles" for the account; and by default, none of the available Roles (including the "WorkSpace user" role) was associated with the new user.

question is, is that also the case for those user accounts that you bring into the server after you sync with the LDAP? ie. new accounts (from LDAP) got created without any Role assigned initially?

if the accounts got created without any Role, is there an easy way to assign the "WorkSpace User" role to all of them?

thanks
James
 
Replies
  • Currently Being Moderated
    Sep 14, 2007 5:26 AM   in reply to (James_Dee)
    It's the same for LDAP.

    The best way to assign role to a bunch of people is to assign the role to a LDAP group that contains all the users.

    You can also go under User Management/Role Management and select you role and then manually select all the users you want to assign this role to. This will also assign the role to all the users in one shot, but you'll need to manually select the users.

    Jasmin
     
    |
    Mark as:
  • Currently Being Moderated
    Sep 15, 2007 3:11 AM   in reply to (James_Dee)
    Hi James
    Assigning to All Principals should work.
    LiveCycle will also automatically create a "local" group called "All Principals in Domain X" whenever you create a new domain, and you could use that domain instead.

    It's not that Adobe is discouraging the use of Workspace, it's more a general principal that the system should be secure by default. This is a very good principal to follow, otherwise you could easily get accidental or malicious misuse of the system. This basically means that nobody should automatically be allowed to do anything unless they have been explicitly granted authority. As the administrator of the system, you can choose to override the defaults using the "All Principals" group, but this is a decision you're explicitly making.

    Adobe also appear to follow the principal of "Privacy by default" - for example, you can't see anyone else's task list unless they explicity grant you access.

    Regards,
    Howard
    http://www.avoka.com
     
    |
    Mark as:
  • Currently Being Moderated
    Sep 16, 2007 5:13 AM   in reply to (James_Dee)
    You might have created a workflow that automatically deducts $100 from your account, and credits it to the account of whoever started the workflow :-) Not sure if you'd like everyone to automatically have access to that workflow.

    OK, that's probably not a good example, and I take your point. But the point is that you can modify the default behaviour, by granting Workspace access to All Principals.

    Regards,
    Howard
     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)