Limit a user's Executing Requests on Behalf of Others to a list of approved service users.

Hi

Is it currently possible to specify a list of users a user has the ability to execute REST requests on behalf of?

As I currently understand it it's only possible to select a list of users who can execute request on behalf of other users, but not specify what users they are allowed to execute on behalf of.

While the use of such privileges could potentially be monitored, and thus detect such usage this is reactive, and would not undo any damage performed by a bad actor.

The scenario I'm researching is the misuse of a etm assyst user (who would naturally have broader access such as delete of assyst users (possibly deleting the admin team's accounts) or editing of privilege groups) to allow for a broad range of etm integrations.

Is this a correct understanding, or is there a method to limit a user to a select list of users they can act on behalf of of?

Be the first to reply!

Reply

Did you find what you're looking for? If not:

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded