Skip to main content

Procedure to revoke user privileges in RMJ

Hernan Castro
  • Updated

1. Purpose

This KB outlines the procedure to follow when downgrading user permissions in RunMyJobs to prevent disruptions in job scheduling capabilities. This procedure applies when a permission downgrade would result in a user losing the necessary privileges to schedule jobs.

 

2. Scope

This procedure applies to all instances where user permissions in RunMyJobs are being downgraded, and the potential impact on the user's ability to schedule jobs needs to be assessed and mitigated.

 

3. Prerequisites

  • Access to the RunMyJobs with admin privileges
  • Identification of the user whose permissions are being downgraded.

4. Procedure

  1. Grant Necessary Privileges to a Target User:
    • Identify a target user who will assume ownership of the affected user's jobs. This user must possess no less privileges that the actual user that has the job to run those jobs.
    • Verify if the target user already has the necessary privileges. If not, grant them the required privileges on the relevant.
  2. Optional: Perform a Dry Run of System_ChangeOwner:
    • Utilize the "Dry Run" functionality of the System_ChangeOwner process.
    • Configure the process to change the ownership of the affected user's jobs to the designated target user.
    • Review the output of the dry run to preview the changes that will be made.
  3. Run System_ChangeOwner:
    • If the dry run results are satisfactory (or if a dry run was skipped), execute the System_ChangeOwner process.
    • Ensure the process is configured correctly to transfer ownership of all jobs belonging to the user whose permissions are being downgraded to the designated target user. 
  4. Remove User Permissions:
    • Once the job ownership has been successfully transferred, proceed with the original task of removing the user's permissions as planned.

 

5. Important Considerations

  • User Deletion: Note that user deletion is not supported in RMJ. To effectively remove a user's access, their account should be permanently deactivated via the RMJ user interface.
  • Planning: Carefully plan permission downgrades, especially for users who frequently schedule jobs, to minimize disruptions.
  • Verification: After completing the procedure, verify that the target user has successfully taken ownership of the affected jobs and can manage them appropriately.
  • Technical User: Consider the use of a Technical User in the Production environment as outlined in Best Practices on Privileges Required to Use Processes

 

6. Related Documentation:

 

Comments

0 comments

Please sign in to leave a comment.