Question & Answer
Question
How do I Clone an Admin Role to User defined Role?
We are trying to clone the admin role and then name is as our userdefined role.
When we do and assign it to a user(s) we observe that not all Datasources , Auditprocess , Classification, Reports etc are visible to users. We need to execute grdapi grant_role_to_object_by_Name command every time we create new audit process, classification, datasources etc.
When we do and assign it to a user(s) we observe that not all Datasources , Auditprocess , Classification, Reports etc are visible to users. We need to execute grdapi grant_role_to_object_by_Name command every time we create new audit process, classification, datasources etc.
Is there a way to automatically assign all access that admin has to a user defined role?
Answer
Unfortunately this is expected behavior and cannot be done.
The admin user and admin role are 2 different things.
The admin user has privileges that no other user has nor that it can be assigned to other users by assigning them a role cloned from the admin role.
This is documented in these links using different wording but it essentially mean the same:
Guardium Administration
https://www.ibm.com/docs/en/guardium/11.5?topic=system-guardium-administration
https://www.ibm.com/docs/en/guardium/11.5?topic=system-guardium-administration
Understanding Roles
https://www.ibm.com/docs/en/guardium/11.5?topic=guardium-understanding-roles
https://www.ibm.com/docs/en/guardium/11.5?topic=guardium-understanding-roles
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000Gp0dAAC","label":"USAGE"}],"ARM Case Number":"TS012656393","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
09 August 2023
UID
ibm17024972