To create Patching Jobs and to deploy patches, the patch administrator must be assigned a role that includes the necessary permissions.
To facilitate division of responsibilities, you can assign permissions to one role or split between several roles.
Ensure that the patch administrator has the following permissions.
| Gives the user the ability to |
|---|
AIXPatchSoftware.Read
DepotFolder.Read (on the depot folder where the Catalog is stored)
JobFolder.Read,Write (To create the Patching Job(s) inthe Job folder)
LinuxSoftware.Read
PatchCatalog.Read
PatchCatalog.Write (for Solaris and AIX only)
PatchingJob.*
PatchSmartGroup.Read
Server.Read (only requires read to run the patching job)
ServerGroup.Read
SolarisSoftware.Read
SolarisSoftware.Create
WindowsSoftware.Read | Perform all operations related to Patch Analysis Jobs (only Patch Analysis, not Patch Remediation) |
AIXPatchSoftware.Read
BatchJob.*
BlPackage.*
CustomSoftware.* (for Linux only)
DeployJob.*
DepotFolder.Read,Write (in the folder to create all the packages)
DepotGroup.Read
JobFolder.Read,Write
LinuxSoftware.Read
PatchCatalog.Read
PatchSmartGroup.Read
PatchingJob.Read
PatchDownloadJob.*
PatchRemediation.*
Server.Read,Deploy
ServerGroup.Read (to find servers)
SolarisSoftware.Read
SolarisSoftware.Modify
WindowsSoftware.Read
WindowsSoftware.Modify
Note: SolarisSoftware.Modify and WindowsSoftware.Modify permissions are optional. Even if the role assigned to the administrator does not have modify permissions on software objects in the depot, the remediation jobs are completed with warnings. | Perform all operations related to Patch Remediation Jobs (including their Deploy Jobs) |
PatchGlobalConfig.Read
PatchGlobalConfig.Modify | Modify Patch Global Configuration settings |
ACLPolicy.* (This permission is only required if ACL policies used in catalog must be created because they do not already exist).
ACLPolicy.Read
AixPatchSoftware.*
DepotFile.* (for offline catalogs, users must be able to create depot files)
DepotFolder.Read,Write (users must have read/write privileges in a depot folder to create the catalog)
JobFolder.Read,Write (in the case of a download job, this access is a minimum requirement)
PatchCatalog.*
PatchSmartGroup.*
PatchDownloadJob.*
ServerGroup.Read,Browse (required on the helper servers)
SolarisSoftware.*
WindowsSoftware.*
AIXPatchSoftware.*
LinuxSoftware.* | Perform all operations related to Catalog Update Job for Windows/Solaris/Linux/AIX |