lost access to admin portal

Showing results for 
Search instead for 
Do you mean 
Reply
Contributor III
Posts: 24
Registered: ‎07-19-2016
#1 of 5 2,886

lost access to admin portal

Hello, 

A user has view permission to a system, and view/login permissions to an account on that system. Up until yesterday, he was able to log in to his user portal, switch to his Admin Portal, and log in to that system from there. But beginning at some point yesterday, he can no longer access his admin portal.  In his user portal, when he clicks his user name, the menu no longer has the "Switch to Admin Portal" option.  No permission changes were made for the account.  Anyone have any thoughts on what could be causing this?  Thank you in advance.

 

Charles

Centrify Guru I
Posts: 2,411
Registered: ‎07-26-2012
#2 of 5 2,883

Re: lost access to admin portal

[ Edited ]

@charles2,

 

Welcome Back.

 

The user does not belong to a role that has the  Privilege Service User, Privilege Service Power User or Privilege Service Administrator.  

 

The quickest way to review rights is to look at the user > Roles, and focus on the rights on the right column.  If the user does not have either PSU, PSPU or PSA, then they won't be able to switch to the Admin portal.

stewie.png

 

Identify the role he/she is supposed to be in, then look at the activity to see who may have made the change.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Contributor III
Posts: 24
Registered: ‎07-19-2016
#3 of 5 2,880

Re: lost access to admin portal

Hi R.P,

 

Thank you for the quick response.

 

This user was assigned permissions directly to the system and account, not through a role membership.  And he was successfully logging in to the system/account from his admin portal.  But starting at some point yesterday, when he clicks his name in his user portal, he no longer sees the "Switch to Admin Portal" option.  I've double checked his permissions, and I've removed/readded the permissions, but the problem persists.

 

BTW, I know the best way to set up system/account permissions is through role memberships, and I'm doing that in general, but for this particular account I need to assign permissions directly to the system/account for some testing that I'm doing.

 

Charles

Centrify Guru I
Posts: 2,411
Registered: ‎07-26-2012
#4 of 5 2,874

Re: lost access to admin portal

We may be misunderstanding ourselves here.

 

Permissions are individidual entitlements for CPS objects (e.g. an 'account' type has view, checkout, rotate, update and so on;  a system has view, login, view session, etc)

 

Role entitlements allow you to perform actions in the Centrify Platform.  E.g. a Privilege Service User, can go to the admin portal and see only CPS-related objects.

 

If you have permissions in objects, but don't have the role entitlement that allow you to access privilege service, you won't be able to access those systems/accounts/secrets, etc.

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Highlighted
Centrify Advisor IV
Posts: 80
Registered: ‎12-12-2012
#5 of 5 2,848

Re: lost access to admin portal

[ Edited ]

Hi Charles,

 

Robertson was correct. After checking your tenant config, the affected user didn't have the administrative right (granted in Roles tab) to access Centrify Admin Portal. 

 

Granting only "View" or "Login" permission on a particular system or an account will not allow the user to access Centrify Admin Portal, let alone seeing the system or account.

 

We'll follow up with you further on this via the support ticket you opened with us.

 

Thank you.

Best Regards,

Henry