Previous Topic: LimitationsNext Topic: Configuring Common Security

Client Automation Security FeaturesAuthorizationSecurity Scenario - Software Delivery

Security Scenario - Software Delivery

The following scenario gives you a better understanding of the security concept.

Scenario:

You want to allow a user to create software and have full permissions to edit and distribute this software for a specific group of computers. At the same time, you want to deny these permissions to other users.

You can create more than one user group, thus creating independent islands of subadministrators.

Open the Security Profiles dialog. Do not make changes to the Everyone and Owner/creator groups, and you can reserve the Administrators group for users with more overall privilege. So for this scenario you should define some new security profiles.

To implement the above scenario

  1. Create a new security profile, USER1 (a user account), that will have restricted usage.
  2. Set the class permissions for this profile as shown in the following table, using the Administrator group:

 

Object Class

Class Permissions

Comments

 

Software Package

Special Access (C)

Creates the software package. No other rights are required as you are the owner of the software package after you create it.

 

Procedure

Special Access (C)

Creates a procedure.

 

Software Job

Special Access (C)

Creates a software job on the target computer.

 

Software Job Container

Special Access (CVRW)

Creates, writes, and views the job container. This is available under the Jobs, Software Jobs, All Software Jobs folder.

 

Job Container Priority Access

No Access

Restricts the user from changing the job container priority.

Note: Higher priority job containers impact the task manager to delay the execution of lower priority job containers.

 

All Other Object Classes

No Access

Restricts the user from accessing other objects.

  1. Navigate to the asset group on which you want to distribute the software and set the group permissions for this profile as follows:

    Note: The specific asset group must be a security group with the Members inherit permissions option.

  2. Set Read (VR) permissions for the Domain (node), Computer and Users, and Software Package Library objects in the Object Permissions dialog.

Jobs that the user creates are visible to the user.

Set up another similar security profile, USER2. USER2 will not have access to USER1's computer, software groups, and jobs, and conversely.

If USER1 looks at the installations on the computers in Special, the ordered installations will be visible. Also, the Software Delivery software installed on these computers is visible to USER1 here, but nowhere else.