CNC: Security question

All,

apologies if this is appearing in duplicate...

We have a HELPDESK role which allows the client's helpdesk team reset/change passwords.

What is the best way to keep the helpdesk staff to reset/change certain ID's such as "JDE" or member of CNC admin team?

Thank you
CNCJay

I did not understand your question; please rephrase.

I tried to focus your question in the Applications forum where you left the original message. (http://www.jdelist.com/ubb/showflat.php?Cat=0&Number=127835&page=0&view=collapsed&sb=5&o=&fpart=1)

Basically, if you can tell me which application they are using to set passwords (Administrative Password Revisions or something else), then I can look and tell you where you need to set your row security to filter out the users you don't want them to see.

There is no easy way of doing this. However there are couple of ways you can look into this.

One way I can suggest is to make a copy of password chaging application ( that helpdesk uses). Do not modify the original application and access to it should be sloely given to internal security team /CNC. IN the modified application, put event rule to exclude certain roles/users. Hence technically when the helpdesk uses this application, they will never be able to change the password of those sensitive accounts. I am sure there are other work aorunds, but this one came to my mind

We did something similar to this for an external helpdesk that we use. We were tired of getting swamped with password resets, so I set up a role specifically for our helpdesk to change passwords. I locked down our Scheduler, Administrator, JDE and Super User accounts through row security on F98OWSEC.

The security that is set will allow the helpdesk to only change an existing password for a non-priviledged user or re-enable a disabled non-priviledged account.

I'm sure you've already gotten this completed but if you hadn't......

I hope this helps.

Does anyone know if there is a tool to allow users on the web to reset their own passwords? You know, ask a security questions like where did you go to high school and then it will allow them to reset it themselves. This would greatly reduce the password reset calls that come into the help desk.

There are certain Standard BSFNs which do the task of Password reset and store in tables (though I do not remember the BSFN names at this hour, I'll have to dig into my documentation on another PC).

We used those BSFN dlls and did the password reset via .aspx custom applications through web using the same.

Let me know if the same idea works in your case. i may share the document with you if required..

That would be great if you find something. I am guessing that there isn't a commercial product or better yet, an Oracle solution for all end users to reset their own passwords either.