KBI 311129 Enhancement: Expanded Security In Argent Global Manager Via Active Directory

Version

Argent Global Manager 3.1A-1412-A and later

Date

Wednesday, 17 Dec 2014

Summary

Argent Global Manager has been enhanced with an option to set Security on individual objects or object folders, for Active Directory users/groups

Security can be set either explicitly or implicitly

Explicitly means Security is applied using Global Security Objects (GSO) or by specifying access rights for explicit users/groups

Implicitly means Security is applied using the special feature of GSO (this feature is explained in the later sections)

A Default Policy of the product can be set from any one of the three options:

  • Denied
  • Read-Only
  • Full Access

For a detailed view on setting security in Argent Global Manager, see:

How To Set Security In Argent Global Manager

Technical Background

Argent Global Manager version 3.1A-1412-A implements the same security mechanism as in Argent AT

However, the concept of applying security on Shared Objects (CMDB-X, Alerts, Monitoring Groups, Automatic Report Distributions, Macros and Calendars) differs slightly, as they are allocated in common to all products in Argent Global Manager

Product security is achieved by setting different levels of access privileges to Active Directory users/groups

The three levels of access rights that can be set are:

  • Denied: No Access, will not be displayed
  • Read-Only: Will be shown but can’t be modified
  • Full Access: Has read and write access

Defining Security

As shown in the adjacent screenshot, a new ‘Administration’ section is added in the tree that allows defining security for shared objects and also for each Argent AT product independently

The Administration section in the tree lists all products and an ‘Argent Shared’ option

The Argent Shared option is used to define the security for shared objects

Each option in the Administration section has a ‘Security’ leaf node and on clicking this node, a Security screen (C7 screen) of the corresponding product is displayed

The product security works independently in each product; that is, the security defined for one product does not relate to the security of another product

The Security screen allows defining multiple security conditions:

a) Adding System Administrator

Active Directory users/groups can be set as System Administrators of the product using the ‘System Administrator’ option

To set security using the C7 screen, the user must have ‘System Administrator’ privilege in that product

Users defined as System Administrators in Argent AT products will be System Administrators for the corresponding product in Argent Global Manager by default

The System Administrator user gets Full Access on the product regardless of any security set for that user explicitly

b) Defining Default Policy

A Default Policy can be set here, from one of the three options: Denied, Read-Only and Full Access

The security defined here is applied on all Rules, Relators and Reports of that product by default

c) Creating Global Security Objects (GSO)

The Security screen also allows adding Global Security Objects (GSO)

Global Security Objects map Active Directory groups/users to different privileges

The benefit of applying security using a GSO is that it works as a security macro that can be reused anywhere across Argent Global Manager

For example, assume a company needs to set Full Access for the Admin users on an object and a ‘Read-Only’ access for Domain users on the same object

In this case, a GSO can be created by specifying Admin users with Full Access and Domain users with Read-Only access

On assigning this GSO to an object, each user in the GSO gets permission to access this object as defined in the GSO (Admin users – Full Access and Domain users – Read-Only access)

The same GSO can be used anywhere across Argent Global Manager

Shared Object Security

Shared Objects comprise the components that are common to all products of Argent AT, such as CMDB-X, Alerts, Monitoring Groups, Automatic Report Distributions, Macros and Calendars

Working Concept:

  • Users set as System Administrator of any product get Full Access on shared objects by default
  • System Administrator privilege on Shared Objects can also be specified explicitly for Active Directory users

The policy set here is applied on all shared objects

For example, if the Default Policy for the shared objects is Denied, then none of the shared objects will be shown to the user, unless configured otherwise

If security is set on a shared object for a user, that user gets the same privileges on that object when accessing it from any product

How To Apply Security On Objects

Security on an object or object folder can be applied explicitly by invoking the ‘Security Settings’ option in the context menu

To set security on an object, customers can use pre-defined GSO policies or define access rights for explicit users or groups

  1. Applying Security Using GSO
  2. Clicking the ‘Security Settings’ option displays a new screen, Z4B (see screenshot)

    To apply GSO, check the ‘Use Global Security Object’ combo and select the desired GSO

  3. Apply Security To Explicit Users/Groups

    Specific access rights can also be set for explicit users/groups

Note:

If any GSO is applied, the security set for explicit users/groups is overridden

How Security Works In Argent Global Manager

A child node inherits the security set on its immediate parent node, and so on up to the tree root

If any security is defined explicitly, the inherited security is overridden

Special Feature:

Argent Global Manager has incorporated a special feature of Argent AT where the security settings of a Global Security Object are applied to a folder if the folder name exactly matches the Global Security Object name

Hence the user may just create a GSO with the same name as the folder to which the GSO is required to be applied

Users/Groups and permissions required may be suitably defined for the GSO and the security gets applied to the folder automatically

Applying GSO implicitly using this feature helps the Argent System Administrator in two ways:

  • Save time in assigning the created GSO to the required folder
  • Easily understand the extent of security applied from the GSO name itself

The Authorization Cascade Is:

If security is explicitly defined, use it

If not, check the parent folder

    If folder security is explicitly defined, use it

    If folder security is not explicitly defined, check whether its name matches one of the Global Security Objects (GSO)

    If any is matched, use the GSO security

    If folder security is not defined either explicitly or implicitly, check its immediate parent folder until the tree root

If security is not defined anywhere, use the product’s default policy
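
The cascade above, together with the System Administrator rule and the rule that an applied GSO overrides explicit users/groups, written out in Python. This is an added example, not Argent code: the Node model, function names and sample users, groups and folders are hypothetical, and the handling of a user who matches several entries or none is an assumption marked in the code.

```python
from dataclasses import dataclass, field
from typing import Optional

DENIED, READ_ONLY, FULL_ACCESS = 0, 1, 2      # ordered from least to most access

@dataclass
class Node:                                    # hypothetical model of a tree entry
    name: str
    parent: Optional["Node"] = None
    is_folder: bool = False
    gso: Optional[str] = None                  # GSO chosen in 'Security Settings'
    acl: dict = field(default_factory=dict)    # explicit user/group -> access level

def security_in_force(node, gsos):
    """Walk from the node to the tree root; return the first security found."""
    while node is not None:
        if node.gso is not None:               # an applied GSO overrides explicit entries
            return gsos[node.gso]
        if node.acl:                           # explicitly defined users/groups
            return node.acl
        if node.is_folder and node.name in gsos:   # implicit: folder name == GSO name
            return gsos[node.name]
        node = node.parent
    return None                                # nothing defined anywhere

def access_for(principals, node, gsos, sysadmins, default_policy):
    """principals: set holding the user name and the user's group names."""
    if principals & sysadmins:                 # System Administrator: always Full Access
        return FULL_ACCESS
    acl = security_in_force(node, gsos)
    if acl is None:
        return default_policy
    levels = [level for who, level in acl.items() if who in principals]
    # Assumption (not stated on the page): the most restrictive matching entry
    # wins, and a user matching no entry falls back to the default policy.
    return min(levels) if levels else default_policy

# Constructed sample data
GSOS = {"Ops Servers": {"Admins": FULL_ACCESS, "Domain Users": READ_ONLY}}
SYSADMINS = {"Argent Admins"}
root = Node("Rules", is_folder=True)
ops = Node("Ops Servers", root, is_folder=True)            # name matches a GSO
cpu = Node("CPU Check", ops)                               # inherits from 'Ops Servers'
finance = Node("Finance", root, is_folder=True, acl={"alice": DENIED})
ledger = Node("Ledger Check", finance)                     # inherits from 'Finance'
payroll = Node("Payroll Check", finance, gso="Ops Servers", acl={"Domain Users": DENIED})
spare = Node("Spare Rule", root)                           # nothing defined up to the root
```

Running access_for for a Domain Users member against each sample node shows which rule decided the result, which is a quick way to review a planned folder and GSO naming scheme before a Denied default policy hides objects from users.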

The following flow chart explains the Security Algorithm

Resolution

Upgrade to Argent Global Manager 3.1A-1412-A or later