Prevent user from logging into the production instance

markb_wi · October 25, 2023, 2:23pm

I like refreshing our playgrounds a lot and I don’t want any chance of certain people logging into the production instance.

I know there is a condition in BPM to detect the production instance but which business object or table (if any) would be appropriate to place a BPM of this nature?

jtownsend · October 25, 2023, 2:29pm

Add the “non-prod” users to a security group.
Create a function that disables users in said group. I’ve actually done something similar to disable separated users as part of our offboarding script. If you’re interested, I can walk you through it. It only works if you jump through some specific hoops.
Add a REST call to your new function to your refresh script. Alternatively, just run it on a schedule or manually run it from Schedule Functions app.

utaylor · October 25, 2023, 3:13pm

@Mark_Wonsil spoke once of just disabling users for a moment.

Mark_Wonsil · October 25, 2023, 3:16pm

I did a BAQ of ACTIVE, non-Security Manager users and used DMT to disable the users. Then I would use the same file to enable them. The nice thing is that it didn’t force a password reset as it would if done in the UI.

markb_wi · October 25, 2023, 6:54pm

Here is what @LoganS and I did.

Found the right method directive and built a couple of conditions as a safety to ensure we don’t lock admin accounts out