Set up the Admin role

Users may be mapped to admin roles. Mapped admin-level users will have the same privileges as Spectrum admin-level users, but they will display as non-admin users with basic user role privileges.

You can edit the user privileges on the Security page in Management Console so that the true privileges are displayed. Default admin share and user roles do not apply automatically under a Spectrum SSO implementation. To apply and display user role permissions, you must set properties for any user that is mapped to the domain user group.

To establish system-wide access profiles, including that of Administrator ("Admin"):

  1. Go to spectrum-config-sso-sts.properties, located in SpectrumDirectory\..\server\conf\spring\security.
  2. Within the spectrum-config-sso-sts.properties file, set the dynamic property that applies admin group permissions at Spectrum server startup: spectrum.security.authentication.idpserver.admin.role=rolename, where rolename is the group name for users who will inherit system-level admin permissions.
  3. Log in to the JMX console, and search for this property: com.pb.spectrum.platform.common.security.role:mappings=RoleMappings.
    This property manages the mapping of roles to all user groups.
  4. Define these parameters:
    1. In the addMapping section, in the value field, enter the SSO role value that you want to map to a Spectrum™ Technology Platform role.
    2. In the roleName field, enter the Spectrum™ Technology Platform role that you want to map to the LDAP attribute value.
    3. Click Invoke. Users who have the SSO role will now be granted the role you specified after they log in to Spectrum™ Technology Platform at least one time.
    4. To remove a mapping, enter the LDAP attribute you want to unmap in the value field in the removeMapping section.
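
Because the property in step 2 decides which SSO group inherits system-level admin permissions, it is worth checking the effective value before restarting the server. The following is an added example, not part of the product or its documentation. It assumes the file is read with java.util.Properties semantics (the last assignment of a key wins and trailing whitespace in a value is kept); the function names and the sample content are constructed for illustration, and line continuations and escaped separators are not handled.

```python
import re

# Property name taken from the page; everything else here is illustrative.
ADMIN_KEY = "spectrum.security.authentication.idpserver.admin.role"
LINE = re.compile(r"\s*([^=:\s]+)\s*[=:]?\s*(.*)")

def assignments(text, key=ADMIN_KEY):
    """Return [(line_no, value)] for each assignment of key, in file order."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip()[0] in "#!":
            continue  # blank line or comment
        m = LINE.match(line)
        if m and m.group(1) == key:
            found.append((no, m.group(2)))  # trailing whitespace kept on purpose
    return found

def audit(text):
    """Return (effective_value, findings) for the admin-role property."""
    found = assignments(text)
    if not found:
        return None, ["admin role property is not set"]
    findings = []
    line_no, value = found[-1]  # assumed: last assignment wins
    for no, old in found[:-1]:
        findings.append(f"line {no}: value {old!r} is overridden by line {line_no}")
    if not value.strip():
        findings.append(f"line {line_no}: value is empty")
    elif value.strip() == "rolename":
        findings.append(f"line {line_no}: still the 'rolename' placeholder")
    if value != value.rstrip():
        findings.append(f"line {line_no}: trailing whitespace in group name")
    return value, findings

# Constructed sample content; the group names are hypothetical.
SAMPLE = "\n".join([
    "# constructed sample, not a real deployment file",
    ADMIN_KEY + "=rolename",
    "#" + ADMIN_KEY + "=OldAdmins",
    ADMIN_KEY + " = SSO-Spectrum-Admins ",
])

if __name__ == "__main__":
    effective, findings = audit(SAMPLE)
    print("effective admin group:", repr(effective))
    for finding in findings:
        print("  -", finding)
```
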