Administrators - More ACL wanted for Help Desk personnel.
I just upgraded a 10,500 user system from GW 8.0.2 to GW 14.0.1. They do not like that they have to give their Help Desk personnel ACL rights to the Post Office level to allow them to change passwords for the GroupWise mailboxes. This level is giving the Help Desk employees too many rights (like deleting the PO) to make changes to the Post Office objects within the GW Admin Console.
Customer wants to see a fourth new Tab under "Administrators" of "Help Desk" where they can grant only User Object Password change capabilities. And other User Object attribute changes of:
General Tab access to all attributes
Client Options menu access
Visibility
Expiration Date
Force Inactive status
Disable Logins
Moving a mailbox
Renaming a mailbox
But stopping them from issuing a delete (make this an ACL also)
So some new form of ACL control at the User Object level with a way to check-mark what attributes or Tabs are allowed for a "Help Desk" level person.
by: Edward H. | over a year ago | Administration
Comments
I would love to have this. We have our Service Desk of 6-7 people in as full GroupWise Administrators because there are simple user administration tasks they cannot complete if they are not at this level. We need to have a way to limit what they can do so they can easily work with all users and not have the limitations they have today.
A great idea for a great product.
I could be necesary for helpdesk, is a risk grant admin rights for helpdesk.
Would love to have option for Helpdesk for GroupWise password changes only. Many of our 6000 accounts are GW only, would save a great amount of time if the Helpdesk could reset these passwords. As designed right now, too risky to give them admin rights at the PO level since all they would be doing is passwords
I too have a need for a limited access role that can only change people's passwords, and add and delete accounts (not be able to delete post offices or domains).
To expand on what I said earlier; I love the fact that I can delegate administration of a single post office to a person within that department. However, I also need to prevent them from having the ability to remove the message retention flag.
This is must have feature, because this was possible in GW 2012 days !
I have many customers that are asking for this. They need something below a PO Administrator level.
8 month. Could we have a feedback from Micro Focus (novell, etc) about that feature long over due!!!
One of my customer's Help Desk people wiped out a PO when they were granted PO level rights to change end users passwords. This is needed ASAP.
We need ACL and predefined roles like Password Administrator (to change user password, disable login, expire date) the Mailbox Administrator (to mange viability, move, rename, maintenance mailboxes) this roles should be defined at postoffice and system level. That is really hard to believe that that is not implemented....
We need ACLs for the role of Address Book Administrator to create/edit/delete distribution lists, create/edit/delete external users, add/remove users to distribution lists.
For now, for my customers that use just the GroupWise Password Record (not the safest mode, no password policy capabilities) I use the free GroupWise Change Password solution from MBlackham on GitHub at https://github.com/mblackhamgw/gwpassword
Well, it looks like Morris created a Help Desk solution for us all to use since Micro Focus has not added this capability to the GroupWise Admin Console. See
https://github.com/mblackhamgw/gwhelpdesk
Morris has created a great tool with the gwhelpdesk solution, he listened to the customers needs! Sad that Mocrofocus will not officially support the product developed by one of it's own employees. This is something GW admins have been asking for for years! Without official support myself and probably many other admins will not be able to put his helpdesk solution into production. Microfocus when will you provide GroupWise customers with a supported solution?
We are up at 90 votes on 4-17-2019, does this now qualify it to be added to the GroupWise Administration Console? Or do we need 190?
Over a year that idea is there! Why that take sooooooooo long to implemented that kind of security for GW.
I just wanted to tell a quick story about 3 people losing their jobs because this has not implemented.
Couple of years ago we had a helpdesk associate delete 1 of the 2 post offices we have. It was the biggest “regular” associate post office. The only “good part” about the whole thing is that it is NOT the Corporate (executive) and none of the owners or upper management (technically) got involved. Long story short we were down for a while and had to resend many thousands of messages from our spam filter, the associate had been let go together with his manager and another manager responsible for that part of daily ops. Ever since we only allow 2 longest working people in entire about 15 persons department with any permissions to the management console.
I don’t want to rename user accounts anymore after doing that for last 17 years. I don’t think this request is something out realm of norm. I do think that it’s crazy that user account with pretty much basic privileges is able to delete the entire post office and there is no way to stop that from happening if I need them to be able to create\rename an account.
Michael Bills PLEASE HELP
Thank you
User Administration should be totally separate from Server configuration. Hopefully this has been fixed in GW2018.
I give up on MF to do some thing about that.