Access Restriction in CPO?

gputhota
Cisco Employee

Hi Team,

Currently we are facing two different issues w.r.t Access Restriction in CPO.

Issue 1: User needs to be added to the Admin group in order to have access to all the features of CPO.

Description: We added a new user to the groups TEO Definition Authors and TEO Operators on one of our CPO servers. When the user is trying to create a new target, under advanced properties, no options are being listed for default patterns type. Only when we added the user to the TEO Administrators group, the user could create the target successfully. Is there any way we can restrict the user not to have admin access and still be able to have access to all developer features?

Issue 2: Windows user in CPO

Description: One of our clients noticed that in order to add a Windows user in CPO, that user had to be part of the administration group of the host, and this gives access to this same Windows user to the TEO Windows host as Admin.

We believe that the above two issues are similar, and would like to know what steps we can take to restrict the access to the users. It is extremely important that the users using our CPO environment have access to all the needed features as developers without being part of the Admin group.

Appreciate your help.

Thanks,
Greg

1 Accepted Solution

Accepted Solutions

To add users they should be a part of the TEO administrators group. Or you can create your own customized security with create/update for run time users.

For Windows runtime users, those users must be able to log in interactively with the box and must have login as a service/login as batch in local/group security policy.

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com


Shaun Roberts
Cisco Employee

For #1, go under administration->security and define a new security group and give them whatever permissions you desire for them to have. It will have to be a custom security group, then just add them to it in Windows.

For #2, are you referring to the run-time user or the user creating it?

Probably best to open up a TAC case as well with your issues.

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com

Thanks Chris for your reply. I am working out the options for #1 to define appropriate permissions for the users.

For #2, I am referring to the run-time user.

Regards,

Greg

To add users they should be a part of the TEO administrators group. Or you can create your own customized security with create/update for run time users.

For Windows runtime users, those users must be able to log in interactively with the box and must have login as a service/login as batch in local/group security policy.

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com
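
An added example, not part of the original thread and not Cisco code: one way to check on the TEO/CPO Windows host whether a runtime account holds the logon rights named in the answer above without being a local administrator. It assumes that "login as a service/login as batch" refers to the Windows user rights "Log on as a service" (`SeServiceLogonRight`) and "Log on as a batch job" (`SeBatchLogonRight`), and that interactive login maps to "Allow log on locally" (`SeInteractiveLogonRight`); the account name is a placeholder.

```powershell
# Added example. Run from an elevated PowerShell prompt on the TEO/CPO host.
# 'CONTOSO\svc-cpo-runtime' is a placeholder for the runtime user being checked.
param([string]$Account = 'CONTOSO\svc-cpo-runtime')

# secedit lists most principals as *<SID>, so resolve the account name first.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export only the user-rights section of the effective local security policy.
$cfg = Join-Path $env:TEMP "user_rights_$PID.inf"
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$policy = Get-Content -Path $cfg
Remove-Item -Path $cfg

$rights = [ordered]@{
    SeInteractiveLogonRight = 'Allow log on locally'
    SeServiceLogonRight     = 'Log on as a service'
    SeBatchLogonRight       = 'Log on as a batch job'
}

foreach ($name in $rights.Keys) {
    $line = $policy | Where-Object { $_ -match "^$name\s*=" } | Select-Object -First 1
    $holders = @()
    if ($line) {
        $holders = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
    }
    # Direct grants only: a right inherited through a group shows up in
    # Holders as that group's SID or name, not as the account itself.
    $short  = $Account.Split('\')[-1]
    $direct = ($holders -contains $sid) -or ($holders -contains $Account) -or
              ($holders -contains $short)
    [pscustomobject]@{
        Right       = $rights[$name]
        DirectGrant = $direct
        Holders     = $holders -join ', '
    }
}

# S-1-5-32-544 is the well-known SID of the local Administrators group.
# Direct membership only; nested domain groups are not expanded here.
$admins  = Get-LocalGroupMember -SID 'S-1-5-32-544'
$isAdmin = $admins.SID.Value -contains $sid
'{0} is a direct member of local Administrators: {1}' -f $Account, $isAdmin
```

An account that shows the three rights (directly or through a non-administrative group listed under Holders) and `False` on the last line is in the least-privilege state the thread is asking for.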

Hi Shaun,

We faced a different issue with the access restriction in place. We created TEO Definition Authors group for all the developers in our CPO Dev platform. Access for this group is restricted to only few operations and objects. We granted "ALL" for very few objects.

With these restrictions, while sending an email, the users encountered a "Read" "Use" error with the Adapter. We added Adapter and Adapter Settings objects in the ALL operations category. It seemed to work for a while and a week later they faced the same issue, even though the permissions are available to the groups.

All the AD group access and Roles are in place. At the end, I added the objects Adapter and Adapter settings to an already existing Type with the operations as "Read" and "Use". This fixed the issue.

However, it didn't sound convincing as to why it didn't work with the same permission which was enabled as part of "ALL" operations.

Any thoughts?

Regards,

Greg

Something else must have changed to change up the way it was functioning.

You must have access to the adapter to use its activities.

Email adapter in this case if you are sending email.

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com

Same thing happened again today. Even after the "Read" "Use" settings were added again for adapter, adapter settings, users faced the same problem.

This time, I de-selected the settings from both the TYPES and just added it back in the first category. It worked and the users could use the adapter. None of the workflows are changed, nor the settings. It's only that servers are restarted once for maintenance activities.

Is this a bug in the platform, that we need to take up with the TAC team?

Appreciate your response.


Regards,
Greg

I'm not aware of a bug, but yes, open a TAC case and someone from support can work with you to verify if a bug exists and follow up with engineering.

-shaun

--Shaun Roberts
Principal Engineer, CX
shaurobe@cisco.com