Running 9.2.1.48 off a Windows server. Have AD setup to use AD Groups as filtering method for access to see specific subset of machines. All was working well in 9.2.1.48 until I went into the Web Reports as a local admin, and setup one or two extra labels (“OS” and “BES Client”) and applied them to a few reports.
I logged out of the local admin account and back in as my standard AD account and now that account can see all of the computers in IEM, as opposed to the 10% of the computers they should be seeing. I logged back into the Console as my standard AD account and I can only see the 10% of the computers there, but in Web Reports I can now see 100%. Which is a bad thing. I don’t want standard AD accounts to see everything, only what they should be able to see if they were in the console!
I deleted the account from the web reports and re-logged in. No change (except losing all my reports, etc). Tried logging into Web Reports on a different machine and it still has the issue (not machine specific).
I don’t think there’s any relationship between console users and web reports users. If you’re limiting access to computers in the console, you’d have to do a parallel effort to enforce similar limits in Web reports.
sorry I’ve never limited access in Web reports. I only allow auditor groups in there, but i don’t give them any console access.
You need to set up roles in Web Reports. Once your role is set up in Web reports (ie using computer groups or other limiting options), then you assign the user (AD or local web account) to that role. Unfortunately, web reports and console don’t share roles so it’s a double process to assign permissions.
So yeap, not sure why it was working different before. But confirmed with IBM tech that it should not have been filtering the results in the web reports.
I have a similar issue, but unresolved. Win server, 9.2.2.21, AD, several groups within the structure limited in the console via AD groups. No problems with the console or permissions.
However, web reports users can see everything. Bad. I’ve tried creating roles and applying them to existing users, creating new AD (LDAP) users and adding the roles to them, everything. The relevant documentation I’ve found has the role created using “Restrict view with a filter”, which I’ve done to limit the possible computers viewable to just one subgroup. No luck.
What a hassle putting in a PMR. My company’s bureaucracy coupled with IBM’s requirement for my customer number, software registration information, etc., have made this problematic for me.
However, if anyone else would like to submit this as an issue, I’d be happy to supply the verbiage. Check the original problem statement from this thread:
I don’t know whether you’ve ever done PMRs, but it’s not like a bug report - it’s a request for support. IBM will call or email you back once you have a PMR open, and will work through the issue in your specific environment.
It wouldn’t do any good to have anyone here open a PMR for you, and besides…it’s just as much a hassle for us as it is for you. Almost all of us are product users here, this is a community forum.
Once you have your support account set up, your customer number / software registration number / etc. are all saved so all you need to recall is your email address and password.
Once you’re set up, their PMR tracking system is actually one of the better ones - I can see all of my cases going back years, with every email message between the support engineers and myself (as well as for PMRs submitted by others under my support contract), and brief summaries of each telephone conversation as well.
I can certainly understand having problems finding your customer number and support contract ID, working in a government environment there’s a vast gulf between our procurement people and our engineers. Anyone have any advice for looking that up? I expect IBM must have some way of checking, based on information from the masthead file?
IBM Hardware and Software Support
(Operating Systems, WebSphere, Information Management, Netezza, Cognos, SPSS, Lotus, Tivoli, Security Systems & Rational)
Toll: 1-919-864-3512
Toll free:1-800-426-7378