Admin tools delegation
- name:
- Admin Tools Delegation
- description:
- New profiles to delegate User, Audit, Notification,… to non-admin users
- version:
- 1.2.1
- release:
- 2023-07-02
- itop-version-min:
- 2.7.0
- code:
- itop-admin-delegation-profiles
- state:
- stable
- diffusion:
- iTop Hub
- php-version-max:
- PHP 8.0
This extensions add new user profiles to your iTop.
Configuration Manager,
Service Manager,…Features
The new profiles brought by this extension:
| Id | Profile | Associated priviledges |
|---|---|---|
| 43 | User Manager | Has the rights to create/modify/delete users… |
| 44 | Notification Manager | Has the rights to create and modify triggers and actions |
| 45 | Audit Manager | Has the rights to create and modify Audit (categories and rules) |
| 46 | Query Manager | Has the rights to create and modify the Query Phrasebook |
| 47 | SynchroData Manager | Has the rights to create and modify Synchro data sources |
| 48 | Admin Tools Manager | Has the rights to do all the above listed actions |
| 120 | Query History | Has all rights but query the history (CMDBChange). Requires iTop 3.1.0+ otherwise the profil won't be there |
| 121 | Mail Inbox Manager | Has all rights to create/modify Mail Inboxes and OAuth clients Only with Mail To Ticket automation 3.7.0+ |
| 122 | Mail Messages Manager | Has all rights to see, modify and delete Mail Messages and read MailInboxes Only with Mail To Ticket automation 3.7.0+ |
If you give to a manager the profile “User Manager” with some “allowed organizations” then
-
that user will be able to create users only with
allowed organizationschoosen amongst his own allowed organizations -
The manager cannot provide the profile “Administrator” but he can give any other profiles including those that he does not have himself.
Revision History
| Date | Version | Description |
|---|---|---|
| 2023-07-28 | 1.2.1 | N°5299 - Fix compatibility with iTop 2.7 when doing a MTP / MTP from the Designer |
| 2023-07-27 | N°5299 - Restore compatibility with iTop 2.7 and remove dependency to Mail To Ticket automation | |
| 2023-06-19 | Requires iTop 3.1 and Mail To Ticket automation 3.7.0
or above N°5299 - Add Inbox Manager and Mail Messages Manager profiles N°6423 - Add Query History profile |
|
| 2020-03-23 | 1.0.0 | Improve Profile descriptions Enable DataSynchro creation |
| 2017-07-05 | 0.1.0 | First version. |
Limitations
None
Requirements
iTop 2.7.0+
Installation
Use the Standard installation process for this extension.
Configuration
No configuration parameters for this extension.
But if you want to customize the default behavior, check here for what is possible
Usage
Once installed, the Administrator will be able to give those
profiles to users, as any other standard profiles.
Configuration Manager,
Service Manager,…Each of this profile will give access to the Admin Tools header menu, with specific sub-menus:
| Profile | Menus included |
|---|---|
| User Manager | User Accounts, Profiles |
| Audit Manager | Audit, Run Query |
| Notification Manager | Notification, Run Query |
| Query Manager | Query Phrasebook, Run Query |
| SynchroData Manager | Synchronization Data Sources |
| AdminTools Manager | all menus above |
| Query History | none |
| Mail Inbox Manager | Incoming eMail Inboxes |
| Mail Messages Manager | Incoming eMail Inboxes |
Example of a the Administration menu for a user
having profile User Manager & Audit
Manager 
Such user can rebuild any iTop object (even those that he is not allowed to see) by querying the previous and new value of every object fields
User passwords aren't stored in the history…
Questions & Answers
Q: I want to give access to Query Phrasebook but in read
only mode, can I do it ?
A: Yes, it's possible but you will need to create
a new Profile and change the access right on the “Query Phrase”
menu.
Create a New profil and change menu visibility.