Unable to use the User Scope Restriction in RSA Authentication Manager 8.x
Originally Published: 2015-04-20
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
There was a problem processing your request. Specified scope restriction condition PRINICIPAL.<attributename> IN
{“<myvalue>”} is invalid.
{“<myvalue>”} is invalid.
The User Scope Restriction allows you to restrict which users the administrator can manage within the administrative scope of this role. To restrict user scope, you must specify an attribute condition.
Cause
Resolution
Confirm that the User to define conditions on administrative user management permission is checked as shown above.
Once you have an attribute defined to use for scope restriction and this option checked then you will be able to use User Scope Restriction in Administrative roles.
In this instance, this option was not checked, triggering the error.
Notes
- The syntax is PRINICIPAL. IN {“”}
- The syntax is case sensitive. PRINCIPAL and IN are always uppercase. The attribute name should be exactly what you mentioned when creating the attribute above.
- For example, if you create an attribute name called Department, then your syntax will look something like PRINCIPAL.Department IN { "RESEARCH"}.
- Using PRINCIPAL.DEPARTMENT IN { "RESEARCH"} will fail.
- The working syntax here will give the administrative role to admin who can manage users from research department.
