KBI 311359 Argent Product Security Configuration
Version
All versions
Date
Thursday, 17 March 2016
Summary
The article describes how to set Argent Product Security Configuration
Technical Background
Allow a normal user (non-Argent Administration) to set a Maintenance Schedule on selected server/device Nodes and Export Master Control Information or Export Maintenance Schedule Only, but deny all other access from the Argent AT GUI
In the following example the user ARGSOFTTEST\ARGENT is the Argent System Administrator and user ARGSOFTTEST\tempadm is a member of the Security Group ‘IT Staff’
-
1. Argent Product Security Configuration Settings
To make the Argent Product Security the most secure, make the Argent Product Security Configuration – Default Policy: Denied, this is the default from initial install
The default General Security Settings can be left as is, as they do not affect server/device Node security
2. License Manager – Security Settings
To allow general access to the License Manager add an Active Directory Security Group to Security Settings with Full Access
Make sure these changes are made using an Argent System Administrator (seen from the Product Security Configuration – System Administrator)
3. Supervising Engine – Security Settings
To allow access to the Export Master Control Information function from the Supervising Engine, add an Active Directory Security Group to Security Settings with Read Only (access)
4. CMDB-X – Security Settings
To allow server/device Node access from the License Manager on a per Node basis, select the Node and apply Security Settings with Full Access
Note: The user will not be able to alter any CMDB-X Node (add, delete or edit) as it is Read-Only without Product Security Configuration settings option Manage CMDB-X Database populated with an Active Directory Security Group
Resultant Access for User ARGSOFTTEST\tempadm
Once the settings are applied login to the Argent Server with Non-Argent System Administrator and navigate to License Manager and confirm access
Navigate to the Supervising Engine and confirm access and Export Maintenance Schedule Information Only and Export Master Control Information work as expected
Confirm by navigating to other components and Nodes that they show “You do not have the rights to view…” or “Access Denied”
Examples
License Manager With Selected Node Properties
Relator Definition
Argent Console Engine Configuration From Administration
References
How Do I Use The Argent Security Manager?
How Does The Node Security Work?
KBI 311011 New Feature: Expanded Global Security Objects For AT Objects
https://help.argent.com/#KBI_311011
KBI 220188 Argent Security Model
https://help.argent.com/#kbi_220188
KBI 310766 New Feature: Argent AT Global Security Objects
https://help.argent.com/#KBI_310766
KBI 310797 New Feature: How To Determine AT Object Security – GSO
https://help.argent.com/#KBI_310797
Argent Defender – Security
https://help.argent.com/#argent_defender_security_config
Resolution
N/A