I need to create an orchestrator account, which needs to be given to the it team of our company, who will use it to create other user accounts. This account only has the right to create other user accounts in orchestrator. I found that only the account with administrator permission can create other user accounts, but this permission is too big and does not meet the regulations of our company.I want to create an account that has no administrator role but can create other accounts.
The following is my operation, please help me find out what is wrong:
1.Create a new role and checking all permissions of the [user] option
2.Create a user and assign it to the [everyone] group
3.Assign the new role to this user
4.log into this account, ManageAccounts&Groups cannot be accessed
You can go to manage access and click on roles and create a new role with required permissions as you need…this way only creation of users and machines can be given as well
Yes, I created a new role with only user permissions, but the account with this new role doesn’t have access to the [ManageAccounts&Groups],so this account can’t create other accounts.
Looks like you are on on prem and try to access management and not orcheatrator…the roles you create in tenant are the orchestrator level roles and not management level roles…so you might be able to access with those level of roles…for management access you might need admin…as the taska re different…but in the tenant level you should be able to access aorchestrator
