KBI 311268 Enhancement: Option For Hiding Access Denied Objects In Argent Global Manager

Version

Argent Global Manager 3.1A-1507-A and later

Date

Friday, 7 August 2015

Summary

A new option ‘Hide Access Denied Objects’ is added in the Argent Global Manager to hide / show access denied objects

Setting the Hide Access Denied Objects option to True hides the denied objects and the False option shows all objects including the denied ones

Technical Background

Argent Global Manager Administrators may want to restrict the users from viewing the objects denied for them

For example, some customers may need to restrict the display of denied objects in the tree for users who has no access to those objects

Also they might need to restrict the display of nodes in the Console screen for which the user has no access

Argent Global Manager now provides an optional setting to hide all access denied objects and thereby limiting the resources of the user with only the objects in which he has an access

A Hide Access Denied Objects combo has been added in the Security screen (C7 Screen) with two options True and False

Setting this option as True, implements an added security as it hides all access denied objects and shows only the objects in which the user has access

If it is set to False, Argent Global Manager shows all objects including the denied objects but the user gets a warning message when he saves any definition containing denied object

The False condition works as the normal security mechanism of Argent Global Manager

For more information please refer:

https://help.argent.com/#KBI_311129

Notes:

  • Hide Access Denied Objects setting is global, that is, the option set here applies on all the products including the shared objects
  • The default setting of Hide Access Denied Objects is False, hence upgrading will not affect the existing customers until user explicitly changes the option to True

How The Objects Work When The ‘Hide Access Denied Objects’ Option Is Set To True

Argent Global Manager show access denied objects neither in tree nor in right definition pane, when the ‘Hide Access Denied Objects’ option is set to True

The user cannot make any modification in an object, if it contains a denied object in it (even though it is hidden)

For example, a Relator can include a Rule, Alert or Alert Macro, Monitoring Group, Calendar, Report, Automatic Report Distribution and another Relator

If the Relator has any access denied objects, these objects will be hidden in the Relator definition

On saving the Relator, a warning message will be displayed stating that the user has access rights issue

In the Console screen, all nodes that are denied for a user are hidden

The Events tab in the Console screen lists only the Events of the servers in which the user has an access (Full Access or Read-Only)

What Users See When Hide Access Denied Objects Option Is True

Example 1 – In Tree

For a user, the tree lists all Full Access and Read-Only Access objects, and all denied objects are hidden

Example 2 – In Monitoring Group

In the Monitoring Group, all the objects that are denied for a user are hidden

When user tries to save the Monitoring Group, it restricts saving and show a warning message with all denied objects in it

Example 3 – In Relator

  • In a Relator, all denied objects are hidden and only the objects in which the user has an access (Full Access or Read-Only) are displayed

    Consider a Rule and an Alert are added in a Relator by an Admin user

    USER_A has Full Access on the Relator and Denied access on the Rule and the Alert

    When USER_A tries to save this Relator, a warning message is shown as below

  • Suppose, a Monitoring Group is added in a Relator by the Admin user and the Monitoring Group contains two nodes AI-90 and AI-92

    USER_A has Full Access on the Relator and Denied access on the nodes AI-90 and AI-92

    When USER_A tries to save this Relator, it shows the following warning message

Example 4 – In Console

Application tab in the Console screen shows only the nodes in which the user has a Full Access or a Read-Only access

All denied nodes remain hidden

The Events tab in the Console screen shows only the events of those servers in which the user has a Full Access or a Read-Only access

Resolution

Upgrade to Argent Global Manager 3.1A-1507-A or later


Download PDF