Operator with no access to web console

mary_joyg231170

11-09-2019

Hi everyone.

Is there a way to create an operator that doesn't have access to web console particularly /view/campaign or /view/home but has an access to a web application i.e. https://<campaign instance url>/webApp/<web app name>?

Based on documentation, we can forbid an operator to access to the rich client:

1832159_pastedImage_0.png

However, I can't find any to forbid web console access.

Is this possible?

Any help is greatly appreciated.

Accepted Solutions (1)

Accepted Solutions (1)

DimaKudryavtsev

12-09-2019

Yes, It is not possible to restrict access to view/home if the operator has at least some basic rights (like belongs to some group). However, If the operator does not have read access to a folder, where campaign actually exists, one will not be able to see it anywhere. Same goes for workflows, deliveries and any other records.

I have operators, who can access only designated folders and have only read-only access to them for monitoring purpose.

So it is possible to store web-app to a special folder, restrict operator access only to that folder and in theory, it should be secure.

Please check out this link: Access management

Answers (6)

Answers (6)

kapilKochar

MVP

11-09-2019

Hi ,

Disabling rich client access option will restrict user to log in  via

https://<your Adobe Campaign server>:<port number>/nl/jsp/logon.jsp

but user will be able to Log in using below link

https://<your Adobe Campaign server>:<port number>/view/home

Now options we have to avoid access other modules

A) Based on access rights user can be restricted to view any modules except Web module .

B) If you already published your WebApp shared the link of your WebApp with the user and disable the rich client option by this user will only be able to view WEBAPP.

Hope this helps !

Thanks,

Kapil

DimaKudryavtsev

11-09-2019

Not to my knowledge.

Can you just restrict operator access to all folders apart of web app folder? You can see what folder access operator has in Audit -> Folder Rights

To make it easy, create operator group, that have required level of access and make the operator be a part of this group and make sure one does not have any access outside of the group access.

DimaKudryavtsev

11-09-2019

Hi

The Rich Client is the console. If you forbid the access to it, the operator will not be able to login to the console only. But one will be able to login to web app or perform a SOAP calls, if one have right permissions.

mary_joyg231170

12-09-2019

Hi DimaKudryavtse
It's actually client's requirement to disable the /view/home of the web console to a specific operator.
Not sure if this is possible since web app are accessed via web console (like reports) and yet they wanted to disable this for a specific operator.

mary_joyg231170

12-09-2019

Hi Kapil.

Apologies as I am kind of new to access management in Adobe Campaign.

May I ask what access rights to assigned to a user to restrict view of any modules except web module?
And will that restrict the user in accessing /view/home?
Thanks.

mary_joyg231170

11-09-2019

Hi DimaKudryavtsev

Yeah...that setting is to forbid access on the rich client console. How about forbid an operator to access the web console but still can access a web app? Is that possible?

1832161_pastedImage_0.png