000036174 - How to hide the Distribute Software Tokens in Bulk menu option from administrators in RSA Authentication Manager 8.1 SP1 Patch 1 and later

Document created by RSA Customer Support Employee on Jul 7, 2018Last modified by RSA Customer Support Employee on Jul 8, 2018
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000036174
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1 Patch 1 and later
 
TasksThis article explains how to assign an admin role for a user to assign and distribute tokens, but not to distribute bulk-software tokens.  It explains how to hide the bulk distribution menu for the normal administrator but not for Super Admin users.
Resolution

Hide menu items from administrators


To address AM-31082 (RFE:  How to Disable "distribute software token in bulk" only from Token Administrator Role on AM 8.1 without removing the whole distribution permission), SP1 patch 1 allows you to hide menu items in the Security Console from administrators.

Menu items cannot be hidden from super administrators.


The menu items that can be hidden can be entire submenus or specific items in a menu.

You can enable verbose tracing to see which items have been hidden by this command.

Hiding menu items in the Security Console does not prevent administrators from accessing the function through other means, such as through the Admin SDK.
To hide menu items, run the command below where <item1>,<item2>,<item3> is a comma-separated list of the items you want to hide.

./rsautil store -a add_config auth_manager.security_console.permissions.hidden_menu_items <item1>,<item2>,<item3> GLOBAL STRING

 

Configuration ValueMenu Level #1Menu Level #2Menu Level #3Menu Level #4
IssueSoftwareTokenBatchAuthentication SecurIDTokensDistribute  Software Tokens in Bulk-----



To hide the bulk distribution menus



  1. Log on to the primary appliance as rsaadmin using an SSH client.
  2. Navigate to /opt/rsa/am/utils.


cd /opt/rsa/am/utils


  1. Type the following command tto hide the menu items from administrators:


./rsautil store -a add_config auth_manager.security_console.permissions.hidden_menu_items IssueSoftwareTokenBatch GLOBAL STRING


For example,



rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil store -a add_config auth_manager.security_console.permission.hidden_menu_items IssueSoftwareTokensBatch,Authentication,SecurIDTokens,DistributeSoftwareTokensinBulk GLOBAL STRING
Please enter OC Administrator username: <enter Operations Console admin user name>
Please enter OC Administrator password: <enter Operations Console admin user password>
psql.bin:/tmp/26f4efeb-12e9-45b2-b9ec-a76653e3863c5406914634885663446.sql:108: NOTICE:   Added the new configuration parameter "auth_manager.security_console.permission.hidden_menu_items" with the value "IssueSoftwareTokensBatch,Authentication,SecurIDTokens,DistributeSoftwareTokensinBulk"
add_config
------------

(1 row)


  1. Restart all Authentication Manager services on the primary server and replicas:


cd /opt/rsa/am/server
./rsaserv restart all


User-added image



 

To restore hidden menus



  1. Log on to the primary appliance using an SSH client.
  2. Navigate to /opt/rsa/am/utils:


cd /opt/rsa/am/utils


  1. Enter the following command: 


./rsautil store -a update_config auth_manager.security_console.permissions.hidden_menu_items “” GLOBAL


  1. Restart all Authentication Manager services on the primary server and all replicas:


cd /opt/rsa/am/server
./rsaserv restart all


User-added image

Attachments

Outcomes