How to restrict Ruleset creation?
Hi,
I would like ask some help about security setup. Our goal is to restrict the creation of new rulesets to specific users. We created a new access group and access role where all rights were left empty for access class "Rule-RuleSet-Version". After this setup I cannot log in with the user who uses this access group.
Can you help me what is the best practice to achieve our goal? Do you have any idea why I cannot log in anymore?
Thanks!
NCS Pte. Ltd
SG
Hi @GergelyD: In my view, the better way would be securing the application and securing the existing rulesets in application (adding passwords to update). Can check if this helps?
Regarding the new access role, hope you have other required classes added to it. Also please add read access for Ruleset version.
Thanks.
EPAM Systems
HU
Hi @ArulDevan, In our Application rule we only set the rulesets to minor version. Even if we secure a ruleset with password, one can create a new patch version which will be available and place the new rules there.
Aaseya IT Services Pvt LTD
SA
You are probably not able to login with the new Access Group because as you mentioned it has no access role. You Operator profile, Portal, System Dashboard are all configured through access roles.
As for ruleset version creation restriction, for your Access group, You can setup a new access role. Copy any existing user workgroup role. In there for Rule-Ruleset-Version object, keep the Create/Update/Delete values to blank and that should ideally remove the access to do so for that Access Group
EPAM Systems
HU
Thank you all for the previous answers! We just concluded that our approach is not optimal, so we decided to go on a different way.
One question: is there a best practice, to restrict users in an access group to be able to modify any operator ID rules?
Pegasystems Inc.
GB
@GergelyD does our documentation help answer your question?
Specifying privileges for an Access of Role to Object rule
Configuring operator provisioning for a basic authentication service