Is there a way to create an operator that doesn't have access to web console particularly /view/campaign or /view/home but has an access to a web application i.e. https://<campaign instance url>/webApp/<web app name>?
Based on documentation, we can forbid an operator to access to the rich client:
However, I can't find any to forbid web console access.
Is this possible?
Any help is greatly appreciated.
Yes, It is not possible to restrict access to view/home if the operator has at least some basic rights (like belongs to some group). However, If the operator does not have read access to a folder, where campaign actually exists, one will not be able to see it anywhere. Same goes for workflows, deliveries and any other records.
I have operators, who can access only designated folders and have only read-only access to them for monitoring purpose.
So it is possible to store web-app to a special folder, restrict operator access only to that folder and in theory, it should be secure.
Please check out this link: Access management
Disabling rich client access option will restrict user to log in via
https://<your Adobe Campaign server>:<port number>/nl/jsp/logon.jsp
but user will be able to Log in using below link
https://<your Adobe Campaign server>:<port number>/view/home
Now options we have to avoid access other modules
A) Based on access rights user can be restricted to view any modules except Web module .
B) If you already published your WebApp shared the link of your WebApp with the user and disable the rich client option by this user will only be able to view WEBAPP.
Hope this helps !
Not to my knowledge.
Can you just restrict operator access to all folders apart of web app folder? You can see what folder access operator has in Audit -> Folder Rights
To make it easy, create operator group, that have required level of access and make the operator be a part of this group and make sure one does not have any access outside of the group access.
The Rich Client is the console. If you forbid the access to it, the operator will not be able to login to the console only. But one will be able to login to web app or perform a SOAP calls, if one have right permissions.
It's actually client's requirement to disable the /view/home of the web console to a specific operator.
Not sure if this is possible since web app are accessed via web console (like reports) and yet they wanted to disable this for a specific operator.
Apologies as I am kind of new to access management in Adobe Campaign.
May I ask what access rights to assigned to a user to restrict view of any modules except web module?
And will that restrict the user in accessing /view/home?