As stated by @JasonWalker this is indeed possible.
You can restrict the permissions of one User group to a specific Target group. Of course the Target group must contains only the wanted computers.
This can be achieved by creating a permission pair User Group <-> Target Group by clicking on User Group -> All User Groups -> “select a user group” -> Manage Peremissions -> “select a Target group” -> Submit. In order to enable the permission just check “Enabled” then “Submit” again.
Also you need to:
-
Delete or disable all the other pair which links the user group to other unwanted Target group like Default Target Group.
-
Make sure that the Target is only part of the wanted Target group by checking the Target membership.
-
Make sure that the Users belongs only to the wanted User group by checking the User membership. Note if you have LDAP enabled you can only deselect the local groups while the membership of a remote group is defined in the LDAP server and even if you change it locally it will be overwritten once the serve sync again with the LDAP server.
About the listing of the Targets instead you have less control and although this is a very demanding feature this hasn’t been implemented yet. This means that the operators can still list all Targets unless you manually disable the “All Targets” report page for users and tune some settings on the server.
I suggest you to open an “idea” (request for enhancement) on this portal:
https://bigfix-ideas.hcltechsw.com/ideas?project=BFLCM
Anyway you can set these settings on the server (Admin -> Edit properties file) in the trc.properties section:
view.all.targets.auth = A
browse.targets.auth = U
This will disable the “All Target view” for non admin user and enable the" Browse" entry in the “Targets” menu for all users.
It must be noted that a non administrative user can still use the “Search” function under Targets. In order to prevent wildcard searches you need to set:
target.search.minimum.nonwildcards = a value greather than 1
target.search.maximum.wildcards = 0
In this way you need to enter a full string instead of using * (searches like 192.168.* or Windows* won’t be allowed).
Last but not least you can set the home page for the specific User group to a report different than “All Target” by following this procedure:
https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcadmedithomepage.html?hl=change%2Cuser%2Cgroup%2Chome%2Cpage
The Browse feature can be inconvenient if you have many Targets so you can create in this case a custom report which lists all Targets in a specific Target Group and set it as home page for the specific User Group. You can leverage this SQL:
SELECT DISTINCT A.HWKEY ,A.COMPUTERNAME ,B.IP_ADDRESSES ,B.LOGGED_USER ,A.MANUFACTURER ,A.MODEL ,A.SERIAL_NO ,B.LAST_UPDATE FROM ASSET.ASSET A LEFT OUTER JOIN COMMON.LIVEPOINTS B ON A.HWKEY = B.HWKEY LEFT OUTER JOIN COMMON.GROUPASSETMEMBER G ON A.HWKEY = G.HWKEY WHERE G.GAKEY IN (1 , 3) ORDER BY A.HWKEY
You need to substitute 1 and 3 with the Target Group IDs that you want. The IDs are reported in the All Target Group page.
This is the procedure to create a custom report:
https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcadmcreatecustomreport.html?hl=create%2Ccustom%2Creport