my users are level 1
I have service desk at level 5, they have the following admin rights ticked under users:
view audit log
one of my service desk users logs into EEM right clicks on a user and fair enough RENAME is greyed out, however if they click once onto the name ala windows explorer it is able to be renamed.
I presumed this was the gui allowing them but the DB wouldn't have reflected the change, but that doesn't appear to be the case.
is this a bug or am i missing something
Probably a bug, but you could set two levels of service desk operators. Lower level for recovery operations (WebHelpdesk only), higher level for more drastic object manipulations: including object rename and delete rights (via EEM).
Only service desk users with "Allow administration" can access EEM operations. So reserve that privledge for them only.
Regular users cannot login to EEM.
yes that is the way it is but I don't want a rogue service desk user to be able to cause havoc, I'd like to use the web interface for recovery but it doesn't work
but I don't want a rogue service desk user to be able to cause havoc
Then provide good training to them and audit their work. There is nothing worse than rogue admins.
Why WebHelpdesk Recovery does not work for you? Here, more than 95% calls for support are resolved by using it.
I was waiting for the apache version to be integrated to the standard setup, when I last checked before christmas sometime it wasn't
anyway, have just checked and making a service desk user level 1 - same as the users works, they get a permissions error, still don't think this is the intended behaviour what's the point of the permissions otherwise.
I don't know what are you talking about. Do not give anyone "Allow administration" unless you want them to be admins.
User at level 1 with NO "Allow administration" cannot use EEM.
allow admin just means they can log into the EEM console - if you are being pedantic they are an admin to some degree but the permissions should still work.
I think it is pretty reasonable to expect that to not have "rename user" ticked means you aren't able to rename a user.