Dynamic Objects
The access to the dynamic objects is assigned indirectly though other objects, a query, a device group or a folder. This means, that when dynamic access is assigned, the objects to which the administrator has access might not always be the same.
Query:
A query defines via its target type and its criteria to which objects the administrator has access. These can change either
- when modifications are made to the query itself, such as adding new criteria or modifying one, or
- when changes happen to the environment of the query, which in this case means the target type of the query. For example, a new device that is added to the network complies with the criteria of the query.
For example, administrator admin1 is given access to query French . This query finds all administrators that are located in France, for example, AdminParis, AdminLyon and AdminNantes . A new administrator, AdminNice joins the company at a new location and is added to the database. Because his location is also in France , he will be automatically added to the list of administrators admin1 has access to.
Device Group or Folder:
When providing access via a device group or a folder the administrator has access to all direct and indirect members of this group or folder. For example: the administrator admin is assigned the device group Group 1 as a dynamic object. This group has the members PC1, Group 2 and Group 3 . admin now has access to PC1 (direct member) as well as all members of Groups 2 and 3 , that is PC2 and PC3 (indirect members). admin will also automatically have access to all PCs that are added to either of these groups. If members are removed from one of these groups he will automatically lose access to the removed members.
The Dynamic Objects tab displays the following information about the dynamic objects the administrator is given access to:
Parameter | Description |
|---|---|
Members of | Displays the name of the object for which the right is assigned, for example, All Devices , All French Clients or Patch Job Reports . |
Object Type | This field displays the target type of the object. The possible values for this type are the main objects available in the BCM database , such as Administrators or Devices . |
Via Administrator Group | This field shows if the access right to the object is directly assigned to the administrator or if it is inherited through a group membership. The field is empty if it is directly assigned or it will contain the name of the group or groups from which the administrator inherits. |
Read Access | Contains Allow , for yes , grant write access or Deny , for no , do not grant it. In this case the administrator will not be able to see the objects, which are the result nor any of their children in his console. |
Write Access | Contains Allow , for yes , grant write access or Deny , for no , do not grant it. For this access to be granted, the administrator must also have the read access granted. |
Assign Access | Contains Allow , for yes , grant write access or Deny , for no , do not grant it. For this access to be granted, the administrator must also have the read access granted. |
Direct Access Acknowledgement | This access type defines if system credentials are required when trying to access a device remotely via the Direct Access functionality. Possible values are:
|
Remote Control Acknowledgement | This access type defines if system credentials are required when trying to access a device remotely via the Remote Control functionality. Possible values are:
|
Real User Rights | This field shows if the administrator is accessing the local files and Windows Registry of a device with the access rights a system account or only those of the local account. It displays Yes , to limit to local account access, for complete system access this field remains empty. |