- Flexera Community
- :
- App Broker
- :
- App Broker Forum
- :
- App Portal Roles
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When using App Portal/App Broker, I want to include and exclude certain parts of the organization. For example, there might be certain parts of the organization being divested. What is the best way to segregate user access in App Portal by groups of people so that we can either include all and then exclude by exception, or exclude all and include by exception. The domain name is the same for all users - what is the best way to separate them out in AD?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Permissions in App Portal are broken into two areas: Admin Security and Catalog Security. If no permissions are configured under Admin Security, everyone that can authenticate (either domain users or SSO users, depending on how you have authentication configured) will have full admin rights to the site. As soon as you add any user or group to Admin Security, only that user or group will have admin rights, and only the specified permissions you have granted. Everyone else will be excluded automatically. The same holds true for Catalog Security. If no permissions are configured, everyone will have access to browse the catalog, request on behalf of others, manage other people's requests, etc. As soon as you add a user or group to Catalog Security, only that user or group will have the designated permissions, and all other users will have no catalog access.
Within North America Services, our standard practice is to create a set of AD groups that represent common roles (e.g. App Portal Administrator, Support Technician, Catalog Administrator, License Manager, Report Viewer, Catalog User). We then add those AD groups into Admin Security and Catalog Security with the desired permissions. From that point, you can simply manage permissions by adding/removing users and groups to/from those AD groups. As described above, anyone that isn't in one or more of those groups will have no permissions to App Portal.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Permissions in App Portal are broken into two areas: Admin Security and Catalog Security. If no permissions are configured under Admin Security, everyone that can authenticate (either domain users or SSO users, depending on how you have authentication configured) will have full admin rights to the site. As soon as you add any user or group to Admin Security, only that user or group will have admin rights, and only the specified permissions you have granted. Everyone else will be excluded automatically. The same holds true for Catalog Security. If no permissions are configured, everyone will have access to browse the catalog, request on behalf of others, manage other people's requests, etc. As soon as you add a user or group to Catalog Security, only that user or group will have the designated permissions, and all other users will have no catalog access.
Within North America Services, our standard practice is to create a set of AD groups that represent common roles (e.g. App Portal Administrator, Support Technician, Catalog Administrator, License Manager, Report Viewer, Catalog User). We then add those AD groups into Admin Security and Catalog Security with the desired permissions. From that point, you can simply manage permissions by adding/removing users and groups to/from those AD groups. As described above, anyone that isn't in one or more of those groups will have no permissions to App Portal.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
