WebUI Application permission setup

Hi, working on a project where we want people to be able to deploy content (Custom/Patch) to a list of devices they are responsible for. The “custom” content will be created by the team and the people should only be able to deploy this (testing and everything is handled as part of development).

I’ve set up everything and so far it is working fine, but I notice that when a user has WebUI permission for “Custom”, they can see custom content and deploy it, but they also have the option to “Create custom content”; granted, they can only save it in the operator site and deploy from there.

Question: is there an option available to prevent an operator from creating custom content at all? I still want them to have the capability for deploying it. I’ve tried various combinations but have not succeeded.

Any suggestions/ideas around that would be appreciated.

I know if a user creates something that they deploy to machines which they are responsible for, it’s not really our problem if something would break, but if possible I’d like to avoid those scenarios.

What permission have you given? I think if you give Reader permission to the site that would not allow content to be added or modified.

I’m just looking at this type of access myself so we can enable individuals outside of the BigFix support team to have the ability to deploy custom content. I’m hoping to use roles to control access, so the role permissions control what level of access a user has to a custom site and then the roles are assigned to the appropriate users, as opposed to trying to manage it at a per-user level.

Hi, they have reader permission to the site, and as I stated already they cannot create content in the “custom site”. However, it does not prevent them from creating content in their own operator site, and that’s what I would like to avoid.

The project I’m working on would allow server owners to deploy custom content and/or application updates/OS patches using WebUI. This is part of a larger project which involves training videos and a team that will be creating custom content if not readily available.

What we would like to avoid is that these operators, after some time, get more creative and basically start creating their own content (most likely little scripts to perform admin tasks on the device), but they will contact us if something does not work. I know it’s all part of education/training/best practices; just looking for a way to avoid all this.

Oh, that’s interesting. For me, using a test account that I have only given read access to 3 custom sites, I can see the custom content in all 3 sites, but if I try the “Create Custom Content” button, it presents me with a 403 error message, “The server has refused to fulfill your request”, so it doesn’t allow me to create content anywhere, not even in my op site. For the account I’m using I have, via a role, given read access to the site, and under the WebUI Apps tab I have only allowed “custom” and “workflow” (without workflow I can’t create actions from one of the fixlets in the custom site).

Yes, my understanding is that regardless of whether the user has access to the ‘Custom’ WebUI App, their ability to create & save Custom Content is limited by their Operator Account’s permission.

In the Console, check whether ‘Custom Content’ is granted for this operator, either directly or through their membership in a Role that grants ‘Custom Content’ rights.

Yes, for me I do not have Custom Content. I’m trying to use only roles to set the effective permissions and avoid setting account explicit settings which would then have to be set on a user by user basis.
