3 Replies Latest reply on Jun 28, 2017 6:20 AM by cwinning

    Role Based Access

    shanew Employee

      Hi Team

       

      Anyone know what I can do with Role Based Access.

       

      By the looks of it, I can restrict or allow users to certain functions (Deploy and Report, or Scan and Report). So I imagine that would stop someone from adding a new machine group.

       

      But how do I assign rights over a machine group?

       

      For example, I have server admins who I want to have full access over the Server Folder/Machine Group, but zero access (or only view) over the Workstation Group.

       

      Is this possible?

       

      Thanks

       

      Shane

        • 1. Re: Role Based Access
          cwinning CommunityTeam

          Hello,

           

          The only way to limit access to Machine Groups is to set the user as Scan and Report Only, Deploy and Report Only or Report Only.  It's not possible to get that granular in the current release, we do intend on expanding on this in a future release. It would be a good idea to submit a feature request.

           

          The basics are:

           

          • Administrator: Full access to all features of the program. Only an administrator user can modify the roles assigned to other users.
          • Full User: Access to all features except for the ability to administer roles.
          • Scan and Report Only: Can perform patch scans and can generate reports.
          • Deploy and Report Only: Can perform patch deployments and can generate reports.
          • Report Only: Can generate reports

           

          You could set Tools > Options > Display > Show only items created by me.  This would help prevent admins modifying other users items.

           

          Thanks,

          Charles

          • 2. Re: Role Based Access
            shanew Employee

            Thanks Charles.

             

            I know in the AppSense world Object based Security was a big feature with Enterprise Customers in our AMC. I will submit a feature request.

             

            So please give me some advice.

             

            Do I go back and just say -  install two consoles, one with a machine group containing the servers, managed by the server team, and a second one with a machine group containing workstations managed by the workstation team ? Is that able to be done with one license key ?

             

            Thanks in advance.

             

            Shane

            • 3. Re: Role Based Access
              cwinning CommunityTeam

              Hello,

               

              I agree the feature needs to be expanded.  Give me the feature request number and I will get some feedback from the Product Manager on it.

               

              The only method of preventing admins from modifying other admins Machine Groups but still allowing them access to everything else is to use separate consoles, pointing to a separate database.  You can setup Data Rollup to rollup the scan/deployment data to one of the consoles for centralized reporting.  Technically, you purchase the number of consoles you can install on.

               

              I would say most of our customers enable the option Tools > Options > Display > Show only items created by me, and trust the admins will behave themselves. 

               

              Thanks,

              Charles