Super Admins can hide Security Console sub-menus or specific menu items from lower-level administrators. For example, you can prevent Token Administrators, who only help individual users, from seeing the Distribute Software Tokens in Bulk sub-menu.
Hiding the menu items does not prevent administrators from accessing the functionality through other means, such as the RSA Authentication Manager SDK. To restrict access to specific features, you must configure security domains and administrative roles.
Before you begin
- You must be a Super Admin.
- Obtain the rsaadmin operating system password for the primary instance and each replica instance.
- Secure shell (SSH) must be enabled on every appliance in your deployment. For instructions, see Enable Secure Shell on the Appliance.
- Configure verbose logging to see what items are hidden by this command. For instructions, see Configure Logging.
On the primary instance, log on to the appliance using an SSH client.
Run one of the following commands:
To hide menu items from administrators, type the following command, and then press ENTER:
./rsautil store -a add_config auth_manager.security_console.permissions.hidden_menu_items item1, item2, item3 GLOBAL STRING
where item1, item2, item3 is a comma-separated list of the items you want to hide.
For example, the following command hides the Distribute Software Tokens in Bulk sub-menu from administrators:
./rsautil store -a add_config auth_manager.security_console.permissions.hidden_menu_items IssueSoftwareTokenBatch GLOBAL STRING
To show hidden menus again, type the following command, and then press ENTER:
./rsautil store -a update_config auth_manager.security_console.permissions.hidden_menu_items "" GLOBAL
Restart all Authentication Manager services on the primary instance and the replica instances:
./rsaserv restart all