Managing access rights and capabilities for asset discovery
The Asset Discovery presents the following specific situations:
Wizards
To be able to launch the scanning wizard an administrator needs to have the Asset Discovery view capabilities on scan configurations, target lists and devices as well as the manage and assign capability on scan configurations.
The wizard can either use existing objects to execute or they can create new ones. Be aware, that to create new objects you need the manage capability for the top node of the respective object or at least one of its folders. By default objects created with the wizard will be located directly under the object‘s top node. If you do not have access to this node the new object will be created in the first folder for which you do have access rights. Otherwise, that is, if you do not have access to any of the objects of the type the object created via the wizard will be stored under the Lost and Found node.
Scan targets
Target lists in Asset Discovery can consist of devices known to the database, thus with defined security and devices without CM agent . Once a scan is executed on a target list the vulnerability inventory will be available via the console and the administrator, who created the scan can see the inventory for all the devices he was not expressly forbidden the access. As yet unknown devices without CM agent will be added to the database now with the status 'scanned' and no security defined, and any administrator with read access on the respective target list and thus the target devices can view the scan results.
Scanners
To define a device as a scanner or remove it from this functionality the Manage capability as well as Write access rights one the respective device are required.
As scans are assigned to their scanner and not to a top node of this type, when removing a device as a scanner all scans assigned to this scanner will also be removed. The administrator therefore also must have the capability Scan - Manage , as well as the Write access rights to all scans and folders defined under the respective scanner.
Comments
Log in or register to comment.