Skip to Content

Default language.

Information
Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Capabilities and access rights reference

The following table recapitulates the required capabilities and access rights to manage assignments between the different non-modifying database objects with the understanding that the view capability as well as read access is always required on both the parent and child object:

Parent

Child

Child Capabilities

Parent Access

Child Access

Custom Compliance Rule

Report

Assign Report

Assign

Read

Device

Custom Compliance Rule

Assign Compliance Rule

Assign

Read

Device

Inventory Filter

Assign Filters

Assign

Read

Device

Managed Application

Manage Managed Applications

Assign

Read

Device

Application List

Assign Application Lists

Assign

Read

Device

Licensed Software

Assign Licensed Software

Assign

Read

Device

Operational Rule

Assign Operational Rules

Assign

Read

Device

Package

Assign Packages

Assign

Read

Device

Patch Group

Assign Patch Groups

Assign

Read

Device

Patch Job

Assign Patch Jobs

Assign

Read

Device

Rollout

Assign Rollout

Assign

Read

Device

SCAP Job

Assign Compliance Rule

Assign

Read

Device

Task

Assign Task

Assign

Read

Device

Transfer Window

Assign Transfer Windows

Assign

Read

Device Group *

Custom Compliance Rule *

Assign Compliance Rule

Assign

Read

Device Group

Inventory Filter

Assign Filters

Assign

Read

Device Group

Managed Application

Manage Managed Applications

Assign

Read

Device Group

Licensed Software

Assign Licensed Software

Assign

Read

Device Group

Application List

Assign Application Lists

Assign

Read

Device Group

Operational Rule

Assign Operational Rules

Assign

Read

Device Group

Package

Assign Packages

Assign

Read

Device Group

Patch Group

Assign Patch Groups

Assign

Read

Device Group

Patch Job

Assign Patch Jobs

Assign

Read

Device Group

Report

Assign Reports

Assign

Read

Device Group

Rollout

Assign Rollout

Assign

Read

Device Group

SCAP Job

Assign Compliance Rule

Assign

Read

Device Group

Task

Assign Task

Assign

Read

Device Group

Transfer Window

Assign Transfer Windows

Assign

Read

Monitored Applications

Schedule Template

Manage Schedule Templates

Assign

Read

Operational Rule

Task

Assign Task

Assign

Read

Package

Operational Rule

Manage Operational Rules

Write

Write

Patch Group

Package

Manage Patch Groups

Write

Write

Patch Group

Task

Assign Task

Assign

Read

Prohibited Applications

Schedule Template

Manage Schedule Templates

Assign

Read

Query

Sub-Report

Manage Reports

Write

Write

Rollout

Task

Assign Task

Assign

Read

Rollout

User Account

Populate Rollout

Assign

Read

Scan Configuration

Scan

Assign Scan

Assign

Read

Scanner

Scan

Assign Scan

Assign

Read

SCAP Job

SCAP Package

Manage Compliance Rules

Write

Read

Target List

Scan

Assign Scan

Assign

Read

User

Operational Rule

Manage Operational Rules

Assign

Read

User Group

Operational Rule

Manage Operational Rules

Assign

Read

  • The assignment of a compliance rule to a device group in this case is used by the compliance rule to check the group members for their compliance.

Populating

The following table recapitulates the required capabilities and access rights to manage assignments between the different database objects concerning their population. Same as with the preceding table, the view capability as well as read access is always required on both the parent and child object:

Parent

Child

Parent Capabilities

Parent Access

Child Access

Administrator Group

Directory Server

Manage Administrators

Write

Read

Device Group *

Custom Compliance Rule *

Populate Device Groups

Write

Read

Device Group

Directory Server

Populate Device Groups

Write

Read

Device Group

Query

Populate Device Groups

Write

Read

Rollout

Device Group

Populate Rollouts

Write

Read

Rollout

Target

Populate Rollouts

Write

Read

User Group

Directory Server

Populate User Groups

Write

Read

User Group

Query

Populate User Groups

Write

Read

  • The assignment of a compliance rule to a device group here actually populates the device group with the result of its compliance check, that is, the group will contain all compliant devices, all non-compliant devices or those which could not be evaluated.

Scheduling

The following table recapitulates the required capabilities and access rights to schedule the execution of the different database objects. Same as with the preceding table, the view capability as well as read access is always required on the object:

Object

Capabilities

Access

Asset Discovery Scan

Schedule Scans

Write

SCAP Compliance Scan

Schedule Compliance Rules

Write

Operational Rule

Schedule Operational Rules

Write

Rollout

Schedule Rollout

Write

Configuring

The following table recapitulates the required capabilities and access rights to define the basic configuration of CM functionalities:

Functionality

Capabilities

Access

Compliance Management

Configure Compliance Management

Write

Operating System Deployment

Configure Operating System Deployment

Write

Patch Group

Configure Patch Groups

Write

Patch Job

Configure Patch Jobs

Write

Task Management

Configure Task Management

Write

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

Home