Creating a read-only administrator

The read-only administrator is somewhat an equivalent of the user administrator without the permission for modification. This type of administrator might be interesting for the head of the IT department to have an overview of the whole system and what goes on in it without active intervention.

  1. Log on to the console with a superadministrator or the admin login.
  2. Then go to the Global Settings and the Administrator Groups node.
  3. Create a new group called ReadOnly .
  4. Select the following Security Profile node and in the Capabilities tab.
  5. Click the Edit > Properties properties.pngmenu item.
     The Properties pop-up window appears.
  6. In the Modify Capabilities tab select ALL View capabilities apart from the following:
    • View Administrators
    • View System Variables
    • View Security Profile
    • View Licenses
  7. Click OK to confirm and close the window.
  8. Then go to the Static Objects tab and via the Properties pop-up window select all Top Nodes to be added to the static objects with Read access Allowed , and Write and Assign access Denied .
  9. In the Dynamic Objects tab add all queries which can be found under the folder BMC Client Management database apart from the All Administrators and All Administrator Groups queries with Read access Allowed , and Write and Assign access Denied via the Properties pop-up window. These queries ensure, that the administrator will be able to see all objects of any type that will be created in the future by any other administrator.

Note

 We consider administrators and administrator groups part of the system management and therefore have excluded them from the field of activity of the read-only administrator.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*