We are currently tightening user permissions within our IAM applications. Each company has its own IAM application with at least one key user. A key user supports IAM activities and is responsible for maintaining the role/permission structure for other users.
We have reviewed the key-user responsibilities and adjusted permissions so they only have what they need. As part of this, we removed access that allowed changes to application-level settings. We no longer want to assign Main Administrator or Application Administrator roles to key users.
Since these changes, key users can no longer access the “Effective user rights” table. This table is very useful for them because it provides a clear overview of what permissions users effectively have.
Is there a way to grant access to the “Effective user rights” table by adding the required permissions to one of the following groups, without giving admin roles?
Our key users currently have these roles:
- Application owners
- Group administrators
- User administrators
- Simulators
