Hi guys. I need to give the security service access to WebReports where they should see only Bitlocker keys. And that’s it. How can I limit the role to just this? I can’t do it. When they log in, they see everything they don’t need to see. For example, on the screen - I want them to see only Current columns + MAC + Bitlocker and that’s it! Tell me how to do this. Thanks
They see all public analyses, all content, all operators, they don’t need it. It is necessary for the user to go in and see a specific analysis of Bitlocker and the computer name… Please tell me, I am very grateful
You could create a custom report for them and give them a link to that report directly, but what you are seeing is correct, Web Reports as a whole will let them see any property results for the computers to which they have access.
and how to restrict them in this? So that they do not see anything at all, except the list of computers to which I give them rights (group of laptops) and bitloker? Now they see the list of operators and all actions and the whole list that is in web reports… everything at all…
I don’t think there is such a restriction.
You could set up a Scheduled Report.and have it just email those results to them if you don’t want them to access Web Reports directly
It actually does exist in WR and goes by “blacklisting” (it was something I requested a long time ago) but it is on WR server level and applies to the entire instance, it’s not specific to users/roles/etc but to all, so if you want to use it then you essentially need to create a new dedicated WR server (and you have to answer yourself whether it justifies it). We essentially set it up for all of our business folks and out of the thousands of properties, they can only see 30-40 (as opposed to the instance for IT folks which just shows everything)!
The way that it was implemented is not ideal - I was hoping it will allow us to essentially select the properties we want to allow and be done with but instead the way that it works is you have to create a “|” separated string with the names of all properties that you want “blacklisted” (hidden) and add it to client setting on the dedicated WR instance (reg key: HKLM:\SOFTWARE\WOW6432Node\BigFix\EnterpriseClient\Settings\Client_WebReports_Properties_Blacklist ). Once you do, you need to restart WR instance. I did have an idea to reverse the implementation (HCL Software - Sign In) but it was never committed to, so I essentially had to write myself this RestAPI-based script that I run periodically on the dedicated WR instance which pulls the full list of properties off BigFix, removes the ones that should be whitelisted (I keep those in a file next to the script), and generates the “|” string which then puts in the reg key & restarts WR. Painful process cause for every new custom property you create by default it is visible and you have to run the script after each creation to hide it but it does work… Good luck, hope this helps you!
I agree and that’s why I raised the RFE but as you can see not a whole lot of people have interest in it (voted for it), hence, it is not getting much traction - I am not even sure there are considering it as far as the new Reports tool at all, so realistically not sure how much you can rely on it being fixed any time soon…
@iMrSkull I was doing this kind of opposite of you. I was making the Bitlocker keys available in the console so that people that had access to the property through console permissions could add it as a property and leverage it but block it from being used from webreports. I find it easier to restrict permissions in the console than webreports since webreports is read only and generally pretty open to properties as long as they can see the machine.
I setup the client setting on the webreports server to show
_WebReports_Properties_Blacklist = Bitlocker Recovery Key Then restart the webreports server service and it no longer showed up for everyone to see in webreports.
Correct, I have not heard about any interest in developing that feature further, but @Aram may be able to say more.
For this use case of only accessing a single property, you may be better served with a fairly simple API script or even just a ‘curl’ command to save the output, instead of giving them access to Web Reports.
