Delete site in Roles

Hi Guys

How can I delete those 2 sites from my role?
I only want the “WPM” site as assigned site.

If I give it “Reader” permissions, I can click Remove Site, but it stays there?

Any ideas?

As always, thank you!

Hi,

This screen looks like the Operator editing screen – you can’t actually remove BES Support from an operator.

In addition, it looks like the Server Automation/Plan Log Files site is granted to you via an assigned role (You can tell because your explicit permissions for that site are None but you have access to it) – youll have to remove or modify that role to remove access to the site.

Yes, It is from the Operator screen. I’ve deleted the operator and added it again without signing any computers, sites or roles:

By default, it’s subcribed to BES Support and Server Automation? As you can see, I don’t have any roles or anything configured…

I do have the following role:

So only with 1 site, “WPM”.

How can I delete BES support and server automation? If I assign the role to the user, the BES Support and server automation are still there?

Thanks for helping!

And the same is for the WebUI.
My role is like this:

Effective rights of the user:

Hello,

I can look into webui but in the mean time, you cannot unsubscribe an operator from bes support, all operators have access to bes support regardless of their explicit or role permissions.

For the server automation site im guessing someone marked it as global read permissions like in this picture: http://www.ibm.com/support/knowledgecenter/SS6MER_9.5.0/com.ibm.bigfix.doc/Platform/Console/Pictures/100000000000021D000000FA09CE18A9.gif

1 Like

For the WebUI it defaults to, “Enable for all operators”. If you click on WebUI Apps and find the specific app you can enable/disable this global setting.

Bill

1 Like

Well, that fixed it, forgot about that option! :slight_smile :slight_smile:

Thanks a lot @strawgate!

Okay, one more question. Why is there a difference between those:

This is my role:


But this is my users rights (who has only this site):

So that’s not the same? Do I need to change it there too?

Hi.

A user’s permissions is the combination of their Explicit Permissions (Permissions granted directly to them) and Role permissions. So the, “Effective Permissions” column is that combination.

The user appears to be receiving some rights from the role but most rights through their explicit permissions on their operator.

Bill

But then what is the use of specifying permissions by role? I would say that the user takes the permissions of the role and overrule the Explicit Permissions?

If you have 100 operators, you need to edit it a 100 times manually? I’m talking about the Permissions like Custom Content etc…

thanks for taking the time to explain it!

My understanding is that roles apply the least restrictive applied setting (a YES applied explicitly or via any role overrides any NO applied explicitly or via any role.

Redoing permissions is never fun but with a little scripting magic you should be able to take advantage of the REST API to both redo existing operator permissions but also script new operator creation so everyone has the right permissions/roles/etc from the get-go :slight_smile:

Bill

1 Like

Well, I think that’s the solution :slight_smile: thanks a lot man!

I’ve tested a little more and it seems that “YES” overrules “NO”, no matter where you configure it (role or user)… Just so you know :slight_smile:

1 Like

Ill edit my reply above to make it more clear for any future bigfixers running across this thread!

2 Likes