on 2025 Jan 17 1:04 PM
Hello,
I would like to limit access to their own account for all IDM users so that they cannot make self-allocations.
Either they should not be able to search for their own user, or they should not be able to access the modification screens for their own account.
Would you have a solution for me, please?
Best regards,
Michael
Hi @michael_riant,
Hope you are doing well.
Before going into solutions:
1) I hope that in your organization only admin users have the MX_ROLE:ADMIN role
2) You have Developer Studio access to change the Access Control for forms (access to the com.sap.idm.forms.default package)
3) Your requirement will not be applicable or required for user self-service at all
In IDM, all the modifications will happen via the End User UI (in the Manage tab). So to restrict own-user modification, you need to change the Access Control settings for the Modify Identity form in the com.sap.idm.forms.default package. Instead of the default privilege-based access control (MX_PRIV:IDS:MANAGE), you can control form access via the FILTER method. Here you can filter users by attributes, and you can restrict your admin from accessing the Modify Identity form if he/she tries to change his/her own user account. This way the admin can only modify all other users and can do their job, and at the same time can't change their own access. I am not sure this is the solution to your question, but I hope this will be helpful for you, @michael_riant.
Default Forms Package
Default Modify Identity form
Access Control Filter to restrict own user modification
Filter Editor
(!(MSKEYVALUE=EntryId)): this filter will restrict admins from accessing the Modify User form if they select their own account in the Manage tab.
Here you can see that I can't use Modify Identity (Change Identity form) for my own user account (basically the logged-in user). But I can change all other users' data using the Change Identity form.
If you have any questions, please let me know. If these details help you in some way, I will be really happy.
Thank you!
Best Regards,
Satheesh M