Expand my Community achievements bar.

Announcing the launch of new sub-community for Campaign Web UI to cater specifically to the needs of Campaign Web UI users!
SOLVED

Operator with no access to web console

Avatar

Level 2

Hi everyone.

Is there a way to create an operator that doesn't have access to web console particularly /view/campaign or /view/home but has an access to a web application i.e. https://<campaign instance url>/webApp/<web app name>?

Based on documentation, we can forbid an operator to access to the rich client:

1832159_pastedImage_0.png

However, I can't find any to forbid web console access.

Is this possible?

Any help is greatly appreciated.

1 Accepted Solution

Avatar

Correct answer by
Level 4

Yes, It is not possible to restrict access to view/home if the operator has at least some basic rights (like belongs to some group). However, If the operator does not have read access to a folder, where campaign actually exists, one will not be able to see it anywhere. Same goes for workflows, deliveries and any other records.

I have operators, who can access only designated folders and have only read-only access to them for monitoring purpose.

So it is possible to store web-app to a special folder, restrict operator access only to that folder and in theory, it should be secure.

Please check out this link: Access management

View solution in original post

7 Replies

Avatar

Level 4

Hi

The Rich Client is the console. If you forbid the access to it, the operator will not be able to login to the console only. But one will be able to login to web app or perform a SOAP calls, if one have right permissions.

Avatar

Level 2

Hi DimaKudryavtsev

Yeah...that setting is to forbid access on the rich client console. How about forbid an operator to access the web console but still can access a web app? Is that possible?

1832161_pastedImage_0.png

Avatar

Level 4

Not to my knowledge.

Can you just restrict operator access to all folders apart of web app folder? You can see what folder access operator has in Audit -> Folder Rights

To make it easy, create operator group, that have required level of access and make the operator be a part of this group and make sure one does not have any access outside of the group access.

Avatar

Community Advisor

Hi ,

Disabling rich client access option will restrict user to log in  via

https://<your Adobe Campaign server>:<port number>/nl/jsp/logon.jsp

but user will be able to Log in using below link

https://<your Adobe Campaign server>:<port number>/view/home

Now options we have to avoid access other modules

A) Based on access rights user can be restricted to view any modules except Web module .

B) If you already published your WebApp shared the link of your WebApp with the user and disable the rich client option by this user will only be able to view WEBAPP.

Hope this helps !

Thanks,

Kapil

Avatar

Level 2

Hi Kapil.

Apologies as I am kind of new to access management in Adobe Campaign.

May I ask what access rights to assigned to a user to restrict view of any modules except web module?
And will that restrict the user in accessing /view/home?
Thanks.

Avatar

Level 2

Hi DimaKudryavtse
It's actually client's requirement to disable the /view/home of the web console to a specific operator.
Not sure if this is possible since web app are accessed via web console (like reports) and yet they wanted to disable this for a specific operator.

Avatar

Correct answer by
Level 4

Yes, It is not possible to restrict access to view/home if the operator has at least some basic rights (like belongs to some group). However, If the operator does not have read access to a folder, where campaign actually exists, one will not be able to see it anywhere. Same goes for workflows, deliveries and any other records.

I have operators, who can access only designated folders and have only read-only access to them for monitoring purpose.

So it is possible to store web-app to a special folder, restrict operator access only to that folder and in theory, it should be secure.

Please check out this link: Access management