Auditing changes to dynamic group definitions

Recently we discovered that we had the definition of some of our dynamic groups changed and it affected the targeting we typically do for our patching. We have no idea which of our operators did it and we’d like to provide them some education.

  • Is there a way for us to find out when the dynamic group’s definition was changed and by whom? I’ve looked in the server audit log and daily server log and I don’t see anything that gives us either piece of information.
  • Do we have a way to make a dynamic group “read-only”?
  • Can we restrict users from creating or editing dynamic groups, but allow other operations related to custom content?

I think the group properties will show the last person to modify the group, but not sure on that point.

Your best bet would be to put your shared groups in a custom site for which the operators have read-only access, and they could keep their fixlet content in a different custom site for which they have write access.

1 Like

@JasonWalker I appreciate your suggestion about putting shared groups in a custom site that’s read-only.

As for group properties, I don’t see where the creator or last editor is kept on the UI. I don’t know if there might be more information on the database level.

You’re right, I couldn’t find a place in the UI either.

May be able to make some headway with Session Relevance, either in the Console Debugger or in a custom Web Report.

You can take advantage of the fact that groups are fixlets too:

properties whose (it as string contains "group") of type "bes fixlet"
group flag of <bes fixlet>: boolean
component groups of <bes fixlet>: bes baseline component group

So you can use all of the ‘bes fixlet’ inspectors to retrieve properties. This part might be useful, also check because there are a lot of properties of ‘bes fixlet’ -

Q: (ids of it, names of it, names of issuers of it, modification time of it, concatenation of substrings separated by "%0d" of relevance of it ) of bes fixlets whose (group flag of it)
A: 262, Linux Computers, MY_MASTER_OPERATOR, ( Tue, 06 Nov 2012 09:25:40 -0500 ), ( (version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (operating system) whose (it as string as lowercase starts with "linux")) else false)) )
A: 343, Windows Computers, MY_MASTER_OPERATOR, ( Tue, 06 Nov 2012 10:16:21 -0500 ), ( (version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (operating system) whose (it as string as lowercase starts with "win")) else false)) )

(I used ‘concatenation of substrings separated by “%0d”’ because some of my relevance clauses have embedded newlines in them for readability; this collapses them into one line in the results.)

1 Like
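One way to turn the query above into a change audit, as an added example that is not part of the original thread: save the query's output on a schedule and diff each snapshot against the previous one. The function names and the second snapshot (issuer `OPERATOR_A`, its timestamp and relevance) are constructed for illustration; the issuer column is simply whatever `names of issuers of it` returns.

```python
import re
from email.utils import parsedate_to_datetime

# One "A:" row: id, name, issuer, ( modification time ), ( relevance )
ROW = re.compile(r"^A: (\d+), (.+?), ([^,]+), \( ([^()]+) \), \( (.*) \)$")

def parse_rows(text):
    """Return {group id: record} for every 'A:' line in saved query output."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("A:"):
            continue  # the "Q:" line and blank lines
        m = ROW.match(line)
        if not m:
            # Fail loudly: a silently skipped row would hide a group from the audit.
            raise ValueError("unparseable row: " + line[:60])
        gid, name, issuer, mtime, relevance = m.groups()
        groups[int(gid)] = {
            "name": name,
            "issuer": issuer,
            "modified": parsedate_to_datetime(mtime),
            "relevance": " ".join(relevance.split()),  # normalise whitespace
        }
    return groups

def diff_groups(baseline, current):
    """List (kind, id, name, issuer, modified) for groups that differ."""
    findings = []
    for gid in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(gid), current.get(gid)
        if old is None:
            kind = "added"
        elif new is None:
            kind = "removed"
        elif old["relevance"] != new["relevance"]:
            kind = "relevance changed"
        elif old["modified"] != new["modified"]:
            kind = "modified (relevance unchanged)"
        else:
            continue
        rec = new or old
        findings.append((kind, gid, rec["name"], rec["issuer"], rec["modified"].isoformat()))
    return findings

# Constructed sample snapshots (baseline rows follow the thread's output format).
BASELINE = '''A: 262, Linux Computers, MY_MASTER_OPERATOR, ( Tue, 06 Nov 2012 09:25:40 -0500 ), ( (version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (operating system) whose (it as string as lowercase starts with "linux")) else false)) )
A: 343, Windows Computers, MY_MASTER_OPERATOR, ( Tue, 06 Nov 2012 10:16:21 -0500 ), ( (version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (operating system) whose (it as string as lowercase starts with "win")) else false)) )'''
CURRENT = '''A: 262, Linux Computers, MY_MASTER_OPERATOR, ( Tue, 06 Nov 2012 09:25:40 -0500 ), ( (version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (operating system) whose (it as string as lowercase starts with "linux")) else false)) )
A: 343, Windows Computers, OPERATOR_A, ( Thu, 14 Mar 2013 16:02:11 -0400 ), ( (version of client >= "6.0.0.0") AND (exists (operating system) whose (it as string as lowercase contains "server")) )'''
```

Calling `diff_groups(parse_rows(BASELINE), parse_rows(CURRENT))` reports group 343 as changed, with the issuer and modification time from the newer snapshot.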