|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager Prime
|Issue||Different levels of support staff use the Authentication Manager Prime Help Desk Admin Portal website to administer RSA users. One group requires access that allows them to unlock a user's account after it locks. This option was enabled via the Security Console and it can be verified that that role does have the requested permission; but when one of the users in the role tries to access the option, it is grayed out.|
|Cause||RSA Authentication Manager Prime permissions are set in the Prime Help Desk server configuration file.|
|Resolution||Edit the lapProto.xml file (sample attached), located in the default directory path. For Windows this is C:\RSA\hdap\config. For Linux, go to \RSA\hdap\config.|
Note: Permissions for users of RSA Authentication Manager Prime are not made in the Authentication Manager.