I need to enable a network operations center team to access the BigFix Console in a very controlled manner. Their assigned duties, related to BigFix, are to use the BigFix Console to monitor three areas and to perform triage actions in a specific, custom “Operations” site that contains fixlets and tasks that we want the Operations team to be able to take as conditions warrant.
I have created the appropriate BigFix user accounts for these users and granted them reader access to the Operations site. All systems they have monitoring responsibility for are subscribed to this site. Access to these systems has been granted to these users. I have not enabled “create custom content” for these users via the BES Admin tool; as recommended in another forum post related to Power Management dashboard access. We do not want the Operations team to take actions via dashboards - only to monitor them.
The team is able to deploy actions for all fixlets and tasks in the custom “Operations” site. Monitoring dashboard data, however, is a different story. I can’t seem to find the right combination of rights or site assignments that will allow the Operations team to have visibility to the “Deployment Health Checks” dashboard and the “BES Deployment Overview” overview - and not be able to deploy actions outside of the custom “Operations” site.
Bottom line: I must be able to enable dashboard and overview visibility without granting the Operations team Master Operator or any other rights that would enable them to deploy actions from sites other than the custom “Operations” site.
Does anyone have any ideas on how to achieve this?
The problem is that the Dashboards and Wizards are part of the Fixlet sites and data that populates the dashboards/wizards often comes from the Fixlets in these sites. So if you restrict the operators from not being able to see the Fixlet sites, then they also cannot see the dashboards… And even if you could give them access only to the dashboards, most of them wouldn’t work properly anyway because the user wouldn’t have access to the underlying Fixlets.
I can’t think of a way to accomplish what you are looking for in the console… might the operations team be able to use web reports to get at the same data? See if this helps: http://support.bigfix.com/bes/misc/customreports.html
I was trying to avoid using Web Reports - to prevent the need for keeping two different apps up at the same time. It sounds like this will not be avoidable.
To get a report in that exact format, you would need to build another custom report… but it seems that you might use the “Computer properties” report to get the info you are looking for…