Question
Access group removal
We are having security issues since these access groups are being pulled as part of one of the LDAP users who should not have access to the application.
Need to check if the below access groups can be removed without having an application impact:
30783 | StockTrader:06-03 | Environment: 30783 CMT - Description: StockTrader:06-03 | |
30783 | AP118224:Administrators | Environment: 30783 CMT - Description: AP118224:Administrators | |
30783 | PegaAESRemote | Environment: 30783 CMT - Description: PegaAESRemote | |
30783 | DMSample:Users | Environment: 30783 CMT - Description: DMSample:Users | |
30783 | PRPC:PortalUsers | Environment: 30783 CMT - Description: PRPC:PortalUsers | |
30783 | PRPC:ProcessArchitects | Environment: 30783 CMT - Description: PRPC:ProcessArchitects | |
30783 | DMSample:Managers | Environment: 30783 CMT - Description: DMSample:Managers | |
30783 | IntSample | Environment: 30783 CMT - Description: IntSample |
We do not have this user corresponding Operator ID in PRPC. So in this scenario what should be the correct way of removal his access.
If we delete these access groups , will there be an functional impact on application. Please suggest
>>> If we delete these access groups , will there be an functional impact on application. Please suggest
- I'm not sure - but thinking, deleting the shipped access groups/operators might break some of the PRPC start up activities or internal agents etc...
Except AP118224:Administrators, all looks like generic access groups. Deleting access groups might not be even necessary to address your security concern. Is that LEAP user have a corresponding Operator ID in PRPC (either created manually or dynamically during authentication process?). If yes, does this user have all the access groups listed on Operator ID record?