HomeGeneralSecurity/PolicysetsSeparate User/Group Administration from other Administration

12.4. Separate User/Group Administration from other Administration

We have a request from our IT department to investigate the ability to create a separation of the user account management (adds and deletes) from other admin level capabilities. If we can do this then the user admin can be relegated to IT and the tool admin can remain within my group for all other admin items. This is in alignment with Sarbanes/Oxley guidelines according to our IT guys who live and breathe this stuff.

Let me know if this is possible and likely in a future release so we can plan accordingly. It would greatly reduce admin hassles and tool management for our organization.


1) Create a new group 'User Administrators'.

2) Create a new policy set which applies to the 'User Administrators' group only.

3) Ensure that this policy set only has 'User Administration' set to true. Everything else should be set to false.

4) In the properties for any Repository, ensure the new group does not have any Permissions in File security or Stream security.

With this in place, any user that only belongs to the 'User Administrators' group will only be able to add, amend or delete users or groups.

This page was: Helpful | Not Helpful