How to hide the Distribute Software Tokens in Bulk menu option from administrators in RSA Authentication Manager 8.1 SP1 Patch 1 and later
2 years ago
Originally Published: 2018-03-22
Article Number
000051400
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1 Patch 1 and later
 
Tasks
This article explains how to assign an admin role for a user to assign and distribute tokens, but not to distribute bulk-software tokens.  It explains how to hide the bulk distribution menu for the normal administrator but not for Super Admin users.
Resolution

Hide menu items from administrators

To address AM-31082 (RFE:  How to Disable "distribute software token in bulk" only from Token Administrator Role on AM 8.1 without removing the whole distribution permission), SP1 patch 1 allows you to hide menu items in the Security Console from administrators.

Menu items cannot be hidden from super administrators.

The menu items that can be hidden can be entire submenus or specific items in a menu.

You can enable verbose tracing to see which items have been hidden by this command.

Hiding menu items in the Security Console does not prevent administrators from accessing the function through other means, such as through the Admin SDK.
To hide menu items, run the command below where <item1>,<item2>,<item3> is a comma-separated list of the items you want to hide. 
./rsautil store -a add_config auth_manager.security_console.permissions.hidden_menu_items <item1>,<item2>,<item3> GLOBAL STRING
 
Configuration ValueMenu Level #1Menu Level #2Menu Level #3Menu Level #4
IssueSoftwareTokenBatchAuthentication SecurIDTokensDistribute  Software Tokens in Bulk-----


To hide the bulk distribution menus

  1. Log on to the primary appliance as rsaadmin using an SSH client.
  2. Navigate to /opt/rsa/am/utils.
cd /opt/rsa/am/utils
  1. Type the following command tto hide the menu items from administrators:
./rsautil store -a add_config auth_manager.security_console.permissions.hidden_menu_items IssueSoftwareTokenBatch GLOBAL STRING
For example,
rsaadmin@am82p:/opt/rsa/am/utils> ./rsautil store -a add_config auth_manager.security_console.permission.hidden_menu_items IssueSoftwareTokensBatch,Authentication,SecurIDTokens,DistributeSoftwareTokensinBulk GLOBAL STRING
Please enter OC Administrator username: <enter Operations Console admin user name>
Please enter OC Administrator password: <enter Operations Console admin user password>
psql.bin:/tmp/26f4efeb-12e9-45b2-b9ec-a76653e3863c5406914634885663446.sql:108: NOTICE:   Added the new configuration parameter "auth_manager.security_console.permission.hidden_menu_items" with the value "IssueSoftwareTokensBatch,Authentication,SecurIDTokens,DistributeSoftwareTokensinBulk"
 add_config
------------

(1 row)
  1. Restart all Authentication Manager services on the primary server and replicas:
cd /opt/rsa/am/server
./rsaserv restart all

User-added image

 

To restore hidden menus

  1. Log on to the primary appliance using an SSH client.
  2. Navigate to /opt/rsa/am/utils:
cd /opt/rsa/am/utils
  1. Enter the following command: 
./rsautil store -a update_config auth_manager.security_console.permissions.hidden_menu_items “” GLOBAL
  1. Restart all Authentication Manager services on the primary server and all replicas:
cd /opt/rsa/am/server
./rsaserv restart all
User-added image

Related Articles

Trending Articles

Don't see what you're looking for?