
Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Managing static objects of a security profile



The Static Objects tab defines which of the existing database object types and objects an administrator can access, and in which way. Be aware that, to access an individual object, the administrator must be assigned at least read access to the respective top node. For example, the administrator must have at least view access to the Reports top node to access a specific report.

By default this tab always contains one entry, the respective administrator himself. When an administrator is created he is automatically added here so that he can check his access rights. The default access defined at creation time is Read Access allowed, any other access denied.

Parameter

Description

Name

Displays the name of the object for which the right is assigned, for example, Hardware Inventory Report or All Devices for a query.

Object Type

This column displays the object type of the selected object, such as Query or Report.

Via Administrator Group

This field shows whether the access right to the object is assigned directly to the administrator or inherited through a group membership. The field is empty if the right is directly assigned; otherwise it contains the name of the group or groups from which the administrator inherits.

Read Access

Contains Allow, for yes, grant read access, or Deny, for no, do not grant it. If read access is denied, the administrator will not be able to see this object in his console, nor any of its children.

Write Access

Contains Allow, for yes, grant write access, or Deny, for no, do not grant it. The administrator must have read access granted on the respective object to be able to be assigned write access.

Assign Access

Contains Allow, for yes, grant assign access, or Deny, for no, do not grant it. This type of access is only of importance for objects that also have an Assign Access capability. In these cases the Assign Access capability for this object type is a prerequisite. If it is not assigned, this access right is ignored. The database objects concerned by this are operational rules, packages and transfer windows.

Direct Access Acknowledgement

This access type defines if system credentials are required when trying to access a device remotely via the Direct Access functionality. Possible values are:

  • Required, for yes, system credentials must be provided to access,
  • Not Required, for no, no credentials are required; the setting also specifies when they are not required: for an absent user, a closed session, or both,
  • Inherit, if the access definition is defined through the group membership, or
  • Deny, if access to a specific device of a group, for example the master, is to be refused even though the administrator is able to access all other group members.

The default access is Required. This type of access is only applicable to devices.

Remote Control Acknowledgement

This access type defines if system credentials are required when trying to access a device remotely via the Remote Control functionality. Possible values are:

  • Required, for yes, system credentials must be provided to access,
  • Not Required, for no, no credentials are required; the setting also specifies when they are not required: for an absent user, a closed session, or both,
  • Inherit, if the access definition is defined through the group membership, or
  • Deny, if access to a specific device of a group, for example the master, is to be refused even though the administrator is able to access all other group members.

The default access is Required. This type of access is only applicable to devices.

Real User Rights

This field shows whether the administrator accesses the local files and Windows Registry of a device with the access rights of a system account or only those of the local account. It displays Yes to limit access to that of the local account; for complete system access this field remains empty. This parameter is only applicable to devices.

Adding a static object

When adding objects to the security profile, be careful to always include the complete hierarchy to the target object including the object's top node, otherwise the administrators might still not be able to access the object. To add a database object, proceed as follows:

  1. Click Edit > Add Object.
    The Select Static Objects dialog box appears on the screen.
  2. In the drop-down box Object Type select the type of the database object to add.
     This list is pre-filtered according to your licenses.
  3. The box to the left now displays the options, in the form of icons, by which you can select static objects: you can choose between Hierarchy, All and Search; for devices and groups you also have the option Topology. If you selected the option Top Nodes the field displays the complete list of all top nodes available in the console, so they can be added directly.
    The contents of the following Available Objects list box change to display the list of all objects of this type.
  4. Select one or more objects from this window, or search for specific objects through the Search tab.
  5. Click Add to move the selected objects to the Selected Objects box.
    The Properties dialog box appears to define the type of access for the selected objects.
  6. Select the respective radio buttons and then click OK.

    Note

    Check the option Respect Windows permissions when accessing files and the Registry in the Direct Access Acknowledgement panel if the access rights to the local files and the Windows Registry are to be restricted to those of the local account. This option is only applicable to devices.

    The objects will be added to the Selected Objects box in which they will be listed with their name and their type.

  7. If you would like to add objects of another type as well, repeat the preceding steps.
  8. Click OK to add all selected objects to the list of security objects of the security profile.

Modifying access rights of a static object

Objects to which access is assigned via a group cannot be modified. To restrict the access further than that assigned through the group, the object must be assigned individually a second time with new settings. To modify existing access rights for objects, proceed as follows:

  1. Select the object for which the access is to be modified in the table in the right window pane.
  2. Click Edit > Properties.
    The Properties dialog box appears.
  3. Select the radio buttons for the desired type of access.
  4. Click OK to confirm the modifications and to close the window.

Removing an object

If the object you are about to remove is a group or a folder, make sure it is not a parent to any of the objects still in the list. Otherwise the administrators will no longer be able to access the children. To remove an object from the security profile, proceed as follows:

  1. Select the object to be removed from the list of security objects in the right window pane.
  2. Click Edit > Remove Object.
    A confirmation window appears.
  3. Click OK to confirm the removal.
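
The hierarchy rules from "Adding a static object" and "Removing an object" can be checked offline before a profile is changed. The following is an added example, not product code: the Entry layout, the path notation and the sample object names are constructed assumptions, and it assumes an object is reachable only when every parent up to the top node is in the profile with Read Access set to Allow.

```python
# Added example: a constructed model of a security profile's static objects,
# not a product export format or API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str             # hierarchy path, top node first (assumed notation)
    read: str = "Allow"   # "Allow" or "Deny"
    write: str = "Deny"   # "Allow" or "Deny"

def ancestors(path):
    """Yield every parent path, from the top node down to the direct parent."""
    parts = path.split("/")
    for i in range(1, len(parts)):
        yield "/".join(parts[:i])

def audit(entries):
    """Return {path: [problems]} for entries that are unusable as configured."""
    by_path = {e.path: e for e in entries}
    findings = {}
    for e in entries:
        problems = []
        for parent in ancestors(e.path):
            p = by_path.get(parent)
            if p is None:
                # Hierarchy incomplete: parent or top node was never added or was removed.
                problems.append(f"missing from profile: {parent}")
            elif p.read != "Allow":
                # Read denied on a parent hides all of its children.
                problems.append(f"read denied on parent: {parent}")
        if e.write == "Allow" and e.read != "Allow":
            # Write access requires read access on the same object.
            problems.append("write access without read access")
        if problems:
            findings[e.path] = problems
    return findings

# Constructed sample profile.
SAMPLE = [
    Entry("Reports"),
    Entry("Reports/Inventory"),
    Entry("Reports/Inventory/Hardware Inventory Report", write="Allow"),
    Entry("Queries/All Devices"),                   # top node "Queries" not added
    Entry("Device Groups", read="Deny"),
    Entry("Device Groups/Servers", write="Allow"),  # hidden by the denied parent
    Entry("Packages", read="Deny", write="Allow"),
]

if __name__ == "__main__":
    for path, problems in audit(SAMPLE).items():
        print(path, "->", "; ".join(problems))
```

Running audit() on the list as it would look after a planned removal shows which children would be orphaned before the change is made in the console.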

 
