Remove Read Permissions Globally - BES Support

Rony · July 3, 2025, 2:24pm

The BES Support site is the only site for which we cannot control Operator read access. This site has “Grant read permissions globally” enabled by default and grayed out, preventing us from unchecking the box. Has anyone been successful in hiding this site? I see a 9-year-old post to change the setting in SQL here:

[BFEnterprise].[dbo].[EXTERNAL_SITE_VISIBILITY]

We are not comfortable making this change unless others have implemented it without any impact and it is recommended by HCL support. Along with removing access to the fixlets and tasks, we want to prevent operators from using the “Windows Software Distribution Wizard” in the BES Support site.

Thank you!

orbiton · July 3, 2025, 7:32pm

If I remember correctly if you are using the Console there are components which are essential for it to work and because of that you can’t remove the read permission.

If the users are no-MO, you can delegate permissions to specific WebUI apps and with that you can hide the BES Support - custom, patch, workflow - App permissions granted to user - Customer Support
And of course you can provide them a Custom Site