There is a long approach for this from the backend...
No longer have admin rights in Unified Self Service
There was a discussion internally about another approach too, I have not tested this but it might work, it talks about a broken LDAP integration, in your case its EEM integration. Basically the auth schema is forcing it to lose admin privileges. userids are the userids from USS_MDB.user_ table for whichever user who needs to get admin privileges in USS>
Omniadmin users are allowed to log in even if the integration with LDAP is broken. This allows to use this administrator accounts to fix the problem. The default user created with liferay (test@liferay.com) is an example of an omniadmin users. Others can be configured in portal.properties (or portal-ext.properties) indicating a comma separated list of user ids:
4.2.X and before
omniadmin.users=liferay.com.1,liferay.com.1001
4.3.X
omniadmin.users=2,12345,98765
Restart of USS is needed
Another way : how to disable NTLM/EEM authentication without using the Control Panel?
change some of these settings is via the OSOP_Install_Dir/PortalExt.Properties file
company.security.auth.type=screenName
## Allowed case sensitive values: screenName userId emailAddress
<tenant-web-id>.eem.ntlm.authentication.enabled=false
## Allowed case sensitive values: true or false
Restart USS after making the change
_R