The BES Support site is the only site for which we cannot control Operator read access. This site has “Grant read permissions globally” enabled by default and grayed out, preventing us from unchecking the box. Has anyone been successful in hiding this site? I see a 9-year-old post to change the setting in SQL here:
[BFEnterprise].[dbo].[EXTERNAL_SITE_VISIBILITY]
We are not comfortable making this change unless others have implemented it without any impact and it is recommended by HCL support. Along with removing access to the fixlets and tasks, we want to prevent operators from using the “Windows Software Distribution Wizard” in the BES Support site.
If I remember correctly, if you are using the Console, there are components which are essential for it to work, and because of that you can’t remove the read permission.
If the users are non-MO, you can delegate permissions to specific WebUI apps, and with that you can hide the BES Support - custom, patch, workflow - App permissions granted to user - Customer Support
And of course you can provide them a Custom Site.
We need users to access the console. WebUI-only access is not an option. The compromise for now was to restrict WebUI access and custom content in a separate role. Restricting custom content prevented users from accessing the wizards and software distribution. It also prevented them from creating tasks & fixlets, but allowed them to use custom content our engineers have created. We are unable to restrict the tasks & fixlets in BES Support, but we can live with that for now.