Specific Sites and Users

Hello, I am trying to create new users and roles for my newly environment but I am having trouble assigning sites to this users or roles as it does not matter what I do, the users or roles always endup with BES Support (or BIG Fix Management).

Question here is, how can I create a user or role that ONLY gives an operator access to the PATCH Management site for example?

Hi, Did you try creating a role by assigning only the site you wanted and then add that role to that user?

If there are any Roles which are in LDAP and user is assigned to that, those roles will get added as and when the LDAP does a sync with user to assigned roles.

I would strongly caution you against assigning computers and sites to individual users. Assign computers and sites permissions to roles and then add users to the necessary roles. As your environment grows/matures you’ll be glad you took the time to properly setup roles in BigFix.

Thank you, I will follow that advise (however my question stands), the issue as I can see it is that every time I create an user that user gets the BES Support (Bigfix Management) site assign by default, after that, It does not matter that the assigned role does only have one site assigned (Patch Management site), the user always can see the BES support which is what we don’t want.

How can I remove the Bes Support (Bigfix Management) from an user without removing the user?
thanks.

Can’t get rid of BES Support. See these:

I believe unchecking the box for “Grant read Permission globally” will exclude itself from adding to users by default

Hello and thank you for the continue support.

In my environment the Grant read permission globally is grey out, hence I can not unclick the option, any one knows how to make that option available for the BES Support?

Thanks

Perhaps this link will give you more information.

I think there is a way to make “BES Support” not default for all users. In the below table of BF DB search for the site and modify the the column “AllOperators” value to 0.

[BFEnterprise].[dbo].[EXTERNAL_SITE_VISIBILITY]

Hello Sujay, It seemed that your suggestion worked but only to start with.

The process I followed was:
update EXTERNAL_SITE_VISIBILITY set alloperators = 0
go
Everything is fine…
I created a new user
Assign the windows_patch role (does not contain the patch support)
the new user will also get the bes support site
log off the main admin
log back in as the new user.
Confirm BES support site is present (which is what we don’t want)
log off
Log back on as the main admin
Click on the operator, REMOVE the bes suppor site (now I was able to do it)
Click on Save
log off the main administrator
log back on as the newly user.
Now BES Support site is not present (hurra…) I can see tasks and actions for patch management.
Log off from the console
log back on as the new user (NOtice, this happens every other time…)
Now every time I click on a task or action I get the message below,
Any ideas what is happening?

thanks for your continuous support

The suggested “workaround” may cause more problems that you need and it’s not supported by IBM. If you hide the content globally doesn’t work for you?

Only idea I have, is that you’ve broken the operator by trying to block the BES Support site. The BES Support site can’t be removed from operators because lots of other sites have dependencies on the files that are in there (including, probably, the file that is trying to be located to pull this up).

Please check the threads that are referenced earlier, the BES Support site is needed for all console operators. IIRC the best you can do is to “Globally Hide” the Fixlets/Tasks under BES Support that you don’t want normal operators to use.

No. BES Support site is required to be evaluated by all endpoints. Globally hiding the content inside though (by a master operator) will hide the content in BES support site from being seen by console users so that they can’t take actions on them. You’ll want to keep checking for new content though and globally hiding as appropriate. You may find that you don’t want to hide 100% of the content but just certain things.