Do you have feedback on our new interface?
Do you have feedback on our new interface? Let us know HERE

Add access control for System Properties

Add access control for System Properties

Hello OO development team and members of OO community,

currently System Properties in OO Central have no access control. Everyone logged to Central can see them and also edit the values. This is not acceptable from both security and integrity points of view. If we store values in System Properties that all or most production flows use and an inexperienced or irresponsible user changes the values to wrong ones it could have serious impact on the execution of production flows.

Please enhance the access control possibilities for System Properties to make it possible to set who can view and edit the system properties

Kind regards

Jan Rys

4 Comments
Micro Focus Expert
Micro Focus Expert
Status changed to: Waiting for Votes
 
Micro Focus Contributor
Micro Focus Contributor

There are "View Configuration Items" and "Manage Configuration Items" permissions in OO Central.

If a person's roles do not have those permissions, then the user won't see Configuration Items tab...

Probably a more useful thing is to make more granular access to specific System Properties and SP folders, like we have for System Accounts and Flows...

kmann Regular Contributor.
Regular Contributor.

Yes, I agree!  We run a multi-tenant environment with many different business units.  The business units are separated so BU1 should not be able to view/run/modify ANYTHING of BU2.  But the way it works right now is if you give BU1 person promoter role to take care of their needs then they can see and do for everything.  It should be separated so you can give a role to a person in BU1 so they can only manage their own content and NOT anyone elses.  As it is right now, we have to take all those permissions away and be responsible for ALL.  It would make things so much easier if BU1 only saw BU1 and BU2 only saw BU2.  Please let me know if any questions or would like to see a use case.

Honored Contributor.. Michael_it Honored Contributor..
Honored Contributor..

i would like to add to this Idea. that there are 2 Scenarios where Access to System Properties needs to be taken into account.

generally seeing/managing them via OO UI or API: i agree a rights model supporting multiple management teams would be appreciated.

additionally there is the Runtime access to System Properties. here it must not only take the permission of people into account. as this causes additional problems with shared automation modules/flows. means it must not only validate if the running user has access to the Systemproperty but also if potentially a parent flow in the call stack does have access

see:

https://community.softwaregrp.com/t5/Operations-Orchestration-Idea/Add-Flows-as-Option-in-System-Account-Permissioning/idi-p/1675110

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.