KBI 311268 Enhancement: Option For Hiding Access Denied Objects In Argent Global Manager
Version
Argent Global Manager 3.1A-1507-A and later
Date
Friday, 7 August 2015
Summary
A new option ‘Hide Access Denied Objects’ is added in the Argent Global Manager to hide / show access denied objects
Setting the Hide Access Denied Objects option to True hides the denied objects and the False option shows all objects including the denied ones
Technical Background
Argent Global Manager Administrators may want to restrict the users from viewing the objects denied for them
For example, some customers may need to restrict the display of denied objects in the tree for users who has no access to those objects
Also they might need to restrict the display of nodes in the Console screen for which the user has no access
Argent Global Manager now provides an optional setting to hide all access denied objects and thereby limiting the resources of the user with only the objects in which he has an access
A Hide Access Denied Objects combo has been added in the Security screen (C7 Screen) with two options True and False
Setting this option as True, implements an added security as it hides all access denied objects and shows only the objects in which the user has access
If it is set to False, Argent Global Manager shows all objects including the denied objects but the user gets a warning message when he saves any definition containing denied object
The False condition works as the normal security mechanism of Argent Global Manager
For more information please refer:
https://help.argent.com/#KBI_311129
Notes:
- Hide Access Denied Objects setting is global, that is, the option set here applies on all the products including the shared objects
- The default setting of Hide Access Denied Objects is False, hence upgrading will not affect the existing customers until user explicitly changes the option to True
How The Objects Work When The ‘Hide Access Denied Objects’ Option Is Set To True
Argent Global Manager show access denied objects neither in tree nor in right definition pane, when the ‘Hide Access Denied Objects’ option is set to True
The user cannot make any modification in an object, if it contains a denied object in it (even though it is hidden)
For example, a Relator can include a Rule, Alert or Alert Macro, Monitoring Group, Calendar, Report, Automatic Report Distribution and another Relator
If the Relator has any access denied objects, these objects will be hidden in the Relator definition
On saving the Relator, a warning message will be displayed stating that the user has access rights issue
In the Console screen, all nodes that are denied for a user are hidden
The Events tab in the Console screen lists only the Events of the servers in which the user has an access (Full Access or Read-Only)
What Users See When Hide Access Denied Objects Option Is True
Example 1 – In Tree
For a user, the tree lists all Full Access and Read-Only Access objects, and all denied objects are hidden
Example 2 – In Monitoring Group
In the Monitoring Group, all the objects that are denied for a user are hidden
When user tries to save the Monitoring Group, it restricts saving and show a warning message with all denied objects in it
Example 3 – In Relator
- In a Relator, all denied objects are hidden and only the objects in which the user has an access (Full Access or Read-Only) are displayed
Consider a Rule and an Alert are added in a Relator by an Admin user
USER_A has Full Access on the Relator and Denied access on the Rule and the Alert
When USER_A tries to save this Relator, a warning message is shown as below
-
Suppose, a Monitoring Group is added in a Relator by the Admin user and the Monitoring Group contains two nodes AI-90 and AI-92
USER_A has Full Access on the Relator and Denied access on the nodes AI-90 and AI-92
When USER_A tries to save this Relator, it shows the following warning message
Example 4 – In Console
Application tab in the Console screen shows only the nodes in which the user has a Full Access or a Read-Only access
All denied nodes remain hidden
The Events tab in the Console screen shows only the events of those servers in which the user has a Full Access or a Read-Only access
Resolution
Upgrade to Argent Global Manager 3.1A-1507-A or later