Notifications

402 views

Description

Symptoms


Occasionally, an administrative user may attempt to elevate the account to security_admin for various purposes (usually to edit or create an ACL record) and the Elevate Roles option is not found in the expected contextual menu. 

Menu with no Elevate Roles option

Cause


There are a few reasons this could occur on an instance, with the most common of these reasons detailed in this article.  The most common method is that the administrative user is attempting to Elevate to Security Admin while Impersonating the admin level user, and a second common option is that the admin user does not have the security_admin user role associated to the admin user account on the instance (or it was removed for any reason).

Resolution


The most common reason this will occur on a customer instance is because the user who is logged in is actually currently impersonating the administrator level account (such as System Administrator) rather than actually logged directly into the instance with that account.  Due to a intentional restriction on the system in order to allow a user to elevate permissions to security_admin for an account they must actually logged into the instance and not simply impersonating the admin user. 

Thus, to correct the issue, completely log out of the instance an log back in directly to the instance with the administrator level account.  Once logged in, the Elevate Roles option should then appear for this administrator account in the user menu.

Elevate Roles option found in menu

An alternative potential cause of this is that the administrator level user does not currently have the security_admin role associated to the account.  In order to resolve this, the security_admin role must be added to the admin level account for which the elevate access is needed.  One stipulation, however, is that the security_admin role can only be added by another account that has the security_admin role.  Thus, to correct this issue, a user must log directly into the instance with an account that already has the security_admin role assigned.  He must then click the user menu, select the Elevate Roles option, select the checkbox next to the security_admin option and click the OK button.

Elevate Roles dialog box

Once the roles have been elevated, this user should then access the user account for the admin level user, select the Roles related list, select the security_admin role for the user and click the Ok button to save the change.  Administrator level users who have not elevated the role will be unable to locate or select the security_admin role in the slushbucket control.

Adding security_admin role

If no account can be found that contains the security_admin role which can be used to apply the role to other admin user accounts needing that role, a ticket should be submitted and logged to the Support Line to get the role assigned to the System Administrator user on the instance.

Additional Information


The following document describes how to elevate an admin role to the security admin role:

Elevate to a Privileged Role

Article Information

Last Updated:2019-08-02 20:52:54
Published:2019-02-15