×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.
BMC Server Automation 8.3 ... Planning Permissions

RBAC permissions for patch management

To create Patching Jobs and to deploy patches, the patch administrator must be assigned a role that includes the necessary permissions. 

To facilitate division of responsibilities, you can assign permissions to one role or split between several roles. 

RBAC permissions for managing patches

Ensure that the patch administrator has the following permissions.

Defining permissions for

Gives the user the ability to

AIXPatchSoftware.Read
DepotFolder.Read (on the depot folder where the Catalog is stored)
JobFolder.Read,Write (To create the Patching Job(s) inthe Job folder)
LinuxSoftware.Read
PatchCatalog.Read
PatchCatalog.Write (for Solaris and AIX only)
PatchingJob.*
PatchSmartGroup.Read
Server.Read (only requires read to run the patching job)
ServerGroup.Read
SolarisSoftware.Read
SolarisSoftware.Create
WindowsSoftware.Read

Perform all operations related to Patch Analysis Jobs (only Patch Analysis, not Patch Remediation)

AIXPatchSoftware.Read
BatchJob.*
BlPackage.*
CustomSoftware.*  (for Linux only)
DeployJob.*
DepotFolder.Read,Write (in the folder to create all the packages)
DepotGroup.Read
JobFolder.Read,Write
LinuxSoftware.Read
PatchCatalog.Read
PatchSmartGroup.Read
PatchingJob.Read
PatchDownloadJob.*
PatchRemediation.*
Server.Read,Deploy
ServerGroup.Read (to find servers)
SolarisSoftware.Read
SolarisSoftware.Modify
WindowsSoftware.Read
WindowsSoftware.Modify

Note: SolarisSoftware.Modify and WindowsSoftware.Modify permissions are optional. Even if the role assigned to the administrator does not have modify permissions on software objects in the depot, the remediation jobs are completed with warnings.

Perform all operations related to Patch Remediation Jobs (including their Deploy Jobs)

PatchGlobalConfig.Read
PatchGlobalConfig.Modify

Modify Patch Global Configuration settings

ACLPolicy.* (This permission is only required if ACL policies used in catalog must be created because they do not already exist).
ACLPolicy.Read
AixPatchSoftware.*
DepotFile.* (for offline catalogs, users must be able to create depot files)
DepotFolder.Read,Write (users must have read/write privileges in a depot folder to create the catalog)
JobFolder.Read,Write (in the case of a download job, this access is a minimum requirement)
PatchCatalog.*
PatchSmartGroup.*
PatchDownloadJob.*
ServerGroup.Read,Browse (required on the helper servers)
SolarisSoftware.*
WindowsSoftware.*
AIXPatchSoftware.*
LinuxSoftware.*

Perform all operations related to Catalog Update Job for Windows/Solaris/Linux/AIX

Was this page helpful? Yes No Submitting... Thank you
Last modified by Yael Berlinger on Jan 20, 2015
permissions rbac

Comments

Log in or register to comment.

System authorizations
Security
© Copyright 2017 BMC Software, Inc. © Copyright 2017 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.