My security folks are requesting a report of what console users have rights to do. In my searches of this forum, I see ways to list console users and/or groups to which they are affiliated.
Is there a way to take that a step further? The overall rights are really an overlay of computers (individual and/or group assignments), site assignments (especially custom content sites), roles, user permissions, and WebUI permissions. Is there a way to report on that?
You can view the listed items in the console by adding each item to the Operators View.
This has been a long-standing request for HCL to provide detailed reporting around operators. I have personally raised this question in multiple user group meetings, but unfortunately, nothing till now.
Eventually, I was able to achieve some level of reporting using the REST API by exporting each operator’s details into XML files and then importing them into Excel for formatting and analysis. However, aligning the data properly in Excel is not a straightforward task and requires some effort.
When you export operator using REST API, you will get below column header & associated results.
Operator Name || ActionScriptCommandsPrivilege || CanCreateActions || CanLock || CanSendMultipleRefresh || CanSubmitQueries || ComputerAssignments/ByRetrievedProperties/@Match || ComputerAssignments/ByRetrievedProperties/Property/@Name || ComputerAssignments/ByRetrievedProperties/Property/@Resource || ComputerAssignments/ByRetrievedProperties/Property/Value || ComputerAssignments/ByRetrievedProperties/Relevance || CustomContent || InterfaceLogins/API || InterfaceLogins/Applications/Name || InterfaceLogins/Console || InterfaceLogins/WebUI || LastLoginTime || LDAPDN || LDAPServerID || LDAPServerID || LoginPermission || MasterOperator || Name || PostActionBehaviorPrivilege || ShowOtherActions || StopOtherActions || UnmanagedAssetPrivilege