To create Patching Jobs and to deploy patches, the patch administrator must be assigned a role that includes the necessary permissions.
To facilitate division of responsibilities, you can assign permissions to one role or split between several roles.
Ensure that the patch administrator has the following permissions.
| Gives the user the ability to |
|---|
ACLPolicy.*
ACLTemplate.*
AIXPatchSoftware.Read
AIXPatchSoftware.Create
DepotFolder.*
DepotGroup.*
JobFolder.*
JobFolder.*
JobGroup.*
LinuxSoftwae.Read
PatchCatalog.Read
PatchCatalog.Write (for Solaris and AIX only)
PatchingJob.*
PatchSmartGroup.Read
Server.*
ServerGroup.*
SolarisSoftware.Read
SolarisSoftware.Create
WindowsSoftware.Read | Perform all operations related to Patch Analysis Jobs (only Patch Analysis, not Patch Remediation) |
ACLPolicy.*
ACLTemplate.*
AIXPatchSoftware.Read
BatchJob.*
BlPackage.*
CustomSoftware.* (for Linux only)
DeployJob.*
DepotFolder.*
DepotGroup.*
JobFolder.*
JobGroup.*
LinuxSoftware.Read
PatchCatalog.Read
PatchSmartGroup.Read
PatchingJob.Read
PatchDownloadJob.*
PatchRemediation.*
Server.*
ServerGroup.*
SolarisSoftware.Read
SolarisSoftware.Modify
WindowsSoftware.Read
WindowsSoftware.Modify
Note: SolarisSoftware.Modify and WindowsSoftware.Modify permissions are not mandatory. Even if the role assigned to the administrator does not have modify permissions on software objects in the depot, remediation jobs will be completed (but with warnings). | Perform all operations related to Patch Remediation Jobs (including their Deploy Jobs) |
AIXPatchSoftware.Create
BatchJob.*
BlPackage.*
CustomSoftware.* (for Linux only)
DeployJob.*
DepotFolder.*
DepotGroup.*
JobFolder.*
JobGroup.*
LinuxSoftware.Read
PatchCatalog.Read
PatchCatalog.Write (Only for Solaris and AIX platforms)
PatchSmartGroup.Read
PatchingJob.*
PatchDownloadJob.*
PatchRemediation.*
Server.*
ServerGroup.*
SolarisSoftware.Read
SolarisSoftware.Create
SolarisSoftware.Modify
WindowsSoftware.Read
WindowsSoftware.Modify
Note: SolarisSoftware.Modify and WindowsSoftware.Modify permissions are not mandatory. Even if the role assigned to the administrator does not have modify permissions on software objects in the depot, autoremediation jobs will be completed (but with warnings). | Perform all operations related to Patch Autoremediation Jobs (Patch Analysis and Patch Remediation) |
PatchGlobalConfig.Read
PatchGlobalConfig.Modify | Modify Patch Global Configuration settings |
ACLPolicy.*
ACLTemplate.*
AixPatchSoftware.*
DepotFile.*
DepotFolder.*
DepotGroup.*
JobFolder.*
JobGroup.*
PatchCatalog.*
PatchSmartGroup.*
PatchDownloadJob.*
Server.*
ServerGroup.*
SolarisSoftware.*
WindowsSoftware.*
AIXPatchSoftware.*
LinuxSoftware.* | Perform all operations related to Catalog Update Job for Windows/Solaris/Linux/AIX |