How to correctly use BES Session Inspectors

(imported topic written by arnaud91)

Hi,

I try to do something complex (for me !) with Task creator and BES Session Inspectors :

I want to allow/deny a console user to deploy a task, according to its reader right for a specific custom site.

To be more comprehensive, I want to use a script element (as bigfix does for “BigFix Firewall - Deploy” or BigFix Antivirus - Deploy" tasks), and that this script uses the relevance language with BES Session Inspectors to verify if current console user is a reader of a specific custom site (not the one in which this task will be available).

Today, I am able to retrieve (via the Presentation Debugger) the list of readers for a specific custom site :

names of readers of bes custom site whose (name of it = 
"Custom Site Name")

and the name of the current console user :

name of current console user

I had a look in the script used for the “BigFix Firewall - Deploy” task, but i don’t know how (if possible) to implement relevance language in it to verify if current console user is reader of a specific custom site before enabling the “action” link.

Does someone understand my need, and if yes, have an idea about it ?

Arnaud.

(imported comment written by jessewk)

Arnaud,

Why don’t you just move the task into a custom site and only give readership rights on the custom site to operators that are allowed to deploy the task?

Jesse

(imported comment written by arnaud91)

Jesse,

We sell the service to our customer, with various options, as Firewall, Antivirus, Windows Patch, …

For billing, we need to know on how many computers the customer uses each option.

To do so, we define, for each site, a subscription criteria : for example, property “Firewall Pack” = 1, and “Firewall Pack” property refers to a registry key on each computer.

If a customer wants a option, as BigFix Firewall, we put its console login in the reader list of the site, and then he needs to use a task to modify “Firewall Pack” registry key on its computers. so we created a custom site named “Option selection”, in which customer IT Manager will find a subscription task for each option we sell.

But we don’t want to give the possibility to the customer to select an option if he didn’t ask salesman for it.

So what we want is that the link to modify the registry key only appears if the customer Console login is in the site reader list.

This way, all customer IT Managers can see all available options (good for marketing), but can only use those they paid for.

I know its a little bit confusing, but its the only way we found.

Arnaud.

PS : it seems that it’s possible to have the readers of a custom site, but not for a “normal” site (external). Is it normal ?

(imported comment written by BenKus)

Hey Arnaud,

Your request is an unusual one… but you should take a look at the “Deploy BigFix AntiVirus” or “Deploy BigFix AntiPest” Tasks that first require that you click to accept the license agreement before deploying the action. This can give you a general blueprint on how you can hide BigFix Actions (which in this case will be triggered by a session inspector).

Note that in BES 7.0, you can specify operator rights on external (“normal”) Fixlet sites through the Tools > Manage Sites dialog. This might solve all your issues?

Ben

(imported comment written by arnaud91)

Hi Ben,

I finally solve the problem.

In the task, I added a Processing instruction :

if ((concatenation of names of readers of bes custom site whose (name of it = 
"Orange Firewall")) contains (name of current console user)) then 
"yes" 

else (
"no")

and a script (inspirated by “BigFix Firewall - Deploy” task):

document.body.onload = getAllParaElems;   function getAllParaElems() 
{ var Ptag = document.getElementsByTagName(
"p");   var UserValidationTest = Ptag[0].innerText.toLowerCase();   

if (UserValidationTest.match(
'yes')) 
{ Ptag[1].style.display = 
''; Ptag[2].style.display = 
''; Ptag[3].style.display = 
'none'; Ptag[4].style.display = 
'none';   var actionDivs = GetElementsByClassname(document.body, 
'div' , 
'actionlink'); 

for (var i = 0; i < actionDivs.length; i++) 
{ 

if ( actionDivs+.innerText.toLowerCase().match(
'select') ) 
{ actionDivs+.style.display = 
''; 
} 
} 
}   

else 
{ Ptag[1].style.display = 
'none'; Ptag[2].style.display = 
'none'; Ptag[3].style.display = 
''; Ptag[4].style.display = 
'';   var actionDivs = GetElementsByClassname(document.body, 
'div' , 
'actionlink'); 

for (var j = 0; j < actionDivs.length; j++) 
{ 

if ( actionDivs[j].innerText.toLowerCase().match(
'select') ) 
{ actionDivs[j].style.display = 
'none'; 
} 
} 
} 
}   function GetElementsByClassname(startNode, nodeType, nodeClass) 
{ var possNodes = startNode.getElementsByTagName(nodeType); var numPoss = possNodes.length; var nodes = 

new Array(); 

for (var i = 0; i < numPoss; i++) 
{ var classNames = possNodes+.className.split(
' '); 

for (var j = 0; j< classNames.length; j++) 
{ 

if (classNames[j] == nodeClass) 
{ nodes.push(possNodes+); 
} 
} 
} 

return nodes; 
}

The task description is like below :

Available option :

This task will subscribe selected computers to Orange Firewall Pack option. After completion, you will have the possibility to use tasks, fixlets, baselines and analyses of BigFix Firewall and Orange Firewall sites.

Important Note : This task will not install firewall software on selected computers. You will have to use appropriated tasks to deploy firewall software, rules, and all other firewall features.

You are not allowed to deploy this option on your computers.

Please contact your sales representative to enable this option.

As the processing intruction is the first element of the task description html body, the script verifies if there is a string containing “yes”, and will show the next 2 sentences and the link and hide the 2 last sentences, or the contrary if it finds “no”.

It works fine.

Arnaud.

PS : my question about operator rights on external site was about the relevance to use to know the list of readers of this type of site. The relevance below doesn’t work (Error: The operator “readers” is not defined.) :

names of readers of bes site whose (name of it = 
"BigFix Firewall")

but the same with a bes custom site works !

(imported comment written by BenKus)

Hi arnaud,

Glad you got it working… For your second question, try using “bes custom site”:

http://support.bigfix.com/cgi-bin/inspectorsearch/inspector_search.cgi?type=bes+custom+site&win=WinSkip&lin=LinSkip&hpux=HPUXSkip&mac=MacSkip&aix=AIXSkip&sol=SolSkip&client=1&core=1&session=1&regex=1

Ben

(imported comment written by arnaud91)

Ben,

I know “readers of” is working with bes custom site.

My question is : why is there no equivalent for bes site, even though there is a “reader” tab for bes site properties ?

Will this feature be added to next versions of BES ?

In the same way, there is a possibility to define subscription conditions for bes sites(very usefull for us), but not for bes custom sites. Is there a reason for this ?

(imported comment written by jessewk)

Hi Arnaud,

"reader of " is missing. I filed a request for it when I saw your post above last week. We’ll get it added into the next revision of the session inspectors.

For your other question, it is also possible to have subscription conditions for custom sites, it’s just done slightly differently. For a custom site, when you create the custom site the default behavior is that

no

clients are subscribed to the site (you can override this at creation time by checking the box to auto subscribe all clients). External sites are the opposite… the default condition is to subscribe

all

clients.

Once a custom site is created, you choose which computers subscribe to it by right-clicking the computers and selecting “Modify Site Subscriptions”. If you want to target by property value instead of specific computers, you can just make a copy of the site subscription action for a single computer and paste it into a custom action that you target however you’d like.

Jesse

(imported comment written by arnaud91)

Hi Jesse,

Thanks for your answer. We will wait for next version.

About custom site subscription, I created a action that never ends, checks if a specific registry key is set to “1”, and if yes, subscribes targeted computer to the custom site. It works, but for next version, it would be great to have the same “subscription” menu for custom sites as the one for external site.

Regards,

Arnaud

(imported comment written by TimRozycki91)

Hey All,

I have a follow up to this question. When I evaluate the relevance: readers of bes custom sites, I see all of the users that were assisgned specifically to the site as well as all of the members of groups assigned to the site, such as ‘Master Operators’ or ‘All Non-Master Operators’. However, when I evaluate: readers of bes site, it only displays users that are specifically assigned to the site. Any group assignments are ignored. Is there another way to get group assignments for bes sites?