Read-Only Access to Debug Pages and Administrative Information

System administrators may grant the capability Debug Pages Read Only Access to non-admin users. Those who are granted standard read-only access to IdentityIQ Debug pages are able to view not just the Object Browser, but also the other pages that have traditionally been reserved for system administrators, including About, Memory, Caches, Count, Beans, Threads, Call Timings, Logging, Database, Connections, and ActiveMQ Monitoring.

Read-only access allows users to see the XML code for configured objects. They can copy or download the XML, but cannot save changes or upload.

Many of the Debug pages have actionable options that are only enabled for those with system administrator capabilities. For those with read-only access, options such as Run Rules and Run Garbage Collector are present but disabled.

Important: Read-only access allows users to view all objects in the Object Browser; this may include some sensitive data. Keep this in mind when determining who should have access.

Configuring Fine-Grained Read-Only Debug Access

There are multiple individual rights that control fine-grained access. Your installation of IdentityIQ is configurable and administrators can group a subset of read-only debug rights into capabilities appropriate for your organization's needs. For example, if you have a DBA who only needs to see a subset of Debug items related to databases, then use the more fine-grained rights to create a custom capability.

Important: Read-only access allows users to view all objects in the Object Browser; this may include some sensitive data. Keep this in mind and consider configuring custom capabilities as needed.

See Rights and Capabilities for Identities.

View-only access to the Debug pages controls whether or not you can see the page – if users try to reach a page without having either system administrator capabilities or read-only access rights, they see an Access Denied message.

Useful When

Read-only access is useful when developers need to see IdentityIQ objects' XML in order to write custom code, troubleshoot, or debug without a system administrator partnering with them. They can open any object on the Object Browser.