×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Space banner

   

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
BMC Client Management 12.8 ... Administering Managing security Managing access rights and capabilities for specific cases

Managing access rights and capabilities for asset discovery

The Asset Discovery presents the following specific situations:

Wizards

To be able to launch the scanning wizard an administrator needs to have the Asset Discovery view capabilities on scan configurations, target lists and devices as well as the manage and assign capability on scan configurations.

The wizard can either use existing objects to execute or they can create new ones. Be aware, that to create new objects you need the manage capability for the top node of the respective object or at least one of its folders. By default objects created with the wizard will be located directly under the object‘s top node. If you do not have access to this node the new object will be created in the first folder for which you do have access rights. Otherwise, that is, if you do not have access to any of the objects of the type the object created via the wizard will be stored under the Lost and Found node.

Scan targets

Target lists in Asset Discovery can consist of devices known to the database, thus with defined security and devices without CM agent . Once a scan is executed on a target list the vulnerability inventory will be available via the console and the administrator, who created the scan can see the inventory for all the devices he was not expressly forbidden the access. As yet unknown devices without CM agent will be added to the database now with the status 'scanned' and no security defined, and any administrator with read access on the respective target list and thus the target devices can view the scan results.

Scanners

To define a device as a scanner or remove it from this functionality the Manage capability as well as Write access rights one the respective device are required.

As scans are assigned to their scanner and not to a top node of this type, when removing a device as a scanner all scans assigned to this scanner will also be removed. The administrator therefore also must have the capability Scan - Manage , as well as the Write access rights to all scans and folders defined under the respective scanner.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Rohit Parmar on May 21, 2016

Comments

Log in or register to comment.

Managing devices and device group capabilities
Configuring SSL for BMC Client Management
© Copyright 2013 - 2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.