Skip navigation

Grant Permissions to allow Users to Update Inventories

score 5
You have not voted. Below Review Threshold

Currently it is required to grant permissions to "Users" using an Op Rule for Custom, Security, Scap Inventories to write to the files under c:\Program Files\BMC Software\..\Data\Selected Inventories.

 

Use Case:

 

Op Rule to Verify if Shortcut is on user's Profile/Desktop.  Op Rule must be executed as Currently Logged on User to  access the proper Profile. Here is the path to use for "Verify File Exists" Op Rule:

c:\Users\${Username}\Desktop\MyShortcut.lnk

Run As Current User.png

 

When you run the second step, Update Custom Inventory, It says it executed but no data is ever written to the CustomInventoryLast.sqlite3 file or any of the XML files.

 

In order to get this to work, these command lines must be run first as "System" or elevated privilege:

 

Command Line(s)
c:\windows\system32\Icacls ..\data\custominventory /grant BUILTIN\Users:(oi)(ci)m
c:\windows\system32\Icacls ..\data\securityinventory /grant BUILTIN\Users:(oi)(ci)m
c:\windows\system32\Icacls ..\data\scapinventory /grant BUILTIN\Users:(oi)(ci)m

 

There is no built in, "Out of the box", Op Rule or process to make this work when running an Op Rule as Current User when selected. Their should be a method or at least a section in the documentation providing a solution so customer is not required to contact support or get frustrated when this process does not seem to work.

 

Here is what I provide my customers when they contact me requiring assistance:

I probably do not require Step 4 as it selects a file vs. the folder but showing for purpose of granularity.

 

Please vote up so DEV will review.

 

Steve G.

Comments

Vote history