Managing static objects of a security profile
Static objects define existing database object types and objects. The Static Objects tab enables defining which of all existing database object types and objects an administrator is to be able to access and in which way. To access an individual object the administrator must be assigned at least read access to the respective top node. For example, the administrator must have at least read access to the Reports top node, to access a specific report.
By default, the Static Objects tab, will always contain one entry which is the respective administrator. When administrators are created they will automatically be added here so that they can check their access rights. The default access defined at creation time is Read Access; any other access denied.
The following sections are provided:
The Static Objects tab displays the following information about the objects the administrator is given access to:
Parameter | Description |
---|---|
Name | Displays the name of the object for which the right is assigned, for example, Hardware Inventory Report or All Devices for a query. |
Object Type | Displays the object type of the selected object, such as Query or Report . |
Via Administrator Group | Shows whether the access to the object is directly assigned to the administrator or is inherited through a group membership. The field is empty if it is directly assigned or it will contain the name of the group or groups from which the administrator inherits. |
Read Access | Contains one of the following options:
|
Write Access | Contains one of the following options:
The administrator must have read access granted on the respective object to be able to be assigned write access. |
Assign Access | Contains one of the following options:
This type of access is only important for objects that also have Assign Access capability. If the object does not have Assign Access, the user will not have Assign Access either, regardless of this setting. The database objects affected by this parameter are operational rules, packages, and transfer windows. |
Direct Access Acknowledgement | Defines whether an acknowledgment by the end user is required when the end user is trying to access a device remotely via the Direct Access functionality. Possible values are:
|
Remote Control Acknowledgement | Defines whether an acknowledgment by the end user is required when the end user is trying to access a device remotely via the Remote Control functionality. Possible values are:
|
Remote Control Session | Contains one of the following options:
|
Real User Rights | Shows whether the administrator is accessing the local files and Windows Registry of a device with the access rights to a system account or only those of the local account.
This parameter applies only to devices. |
Adding a static object
When you add objects to the security profile, always include the complete hierarchy to the target object including the object's top node; otherwise, the administrators might still not be able to access the object.
- Click Edit > Add Object .
The Select Static Objects dialog box opens. In the Object Type list, select the type of the database object to add.
This list is filtered according to your licenses.Note
The Top Nodes object type option displays the complete list of all top nodes available in the console, so they can be added directly.
- You have the option to change the view of the objects displayed. From the left panel select a method to display static object:
- Click Hierarchy to see the objects in a hierarchy.
- Click All to see all objects available to you.
- Click Search to search for a specific object.
- (Only for devices and groups) Click Topology to view a topological view of the objects.
- Select one or more objects from this window, or search for specific objects through the Search tab.
- Click Add to move the selected objects to the Selected Objects box.
The Properties dialog box appears to define the type of access for the selected objects. Select the respective options and then click OK.
Note
If the access rights to the local files and the Windows Registry are to be restricted to those those of the local account, check the option Respect Windows permissions when accessing files and the Registry in the Direct Access Acknowledgement panel. This option is only applicable to devices.
The objects will be added to the Selected Objects box in which they will be listed with their name and their type.
- (Optional) To add objects of another type repeat the preceding steps.
- Click OK to add all selected objects to the list of security objects for the security profile.
Modifying access rights of a static object
Objects to which access is assigned via a group cannot be modified. To restrict the access further than that assigned through the group, the object must be assigned individually a second time with new settings.
- Select the object for which the access is to be modified in the table in the right window pane.
- Select Edit > Properties.
The Properties dialog box appears. - Select the options for the desired type of access.
- Click OK to confirm the modifications and close the window.
Removing an object
When you remove a parent object, you also remove all of its children and the administrators cannot access the children.
- Select the object to be removed from the list of security objects in the right window pane.
- Select Edit > Remove Object .
A confirmation window appears. - Click OK to confirm the removal.
Comments
Log in or register to comment.