4 Replies Latest reply: Aug 3, 2012 3:10 PM by Bill Robinson RSS

update permissions on group of devices

James Burnett

I'm trying to apply a policy to a group of devices, but it is not working.  Can someone please help?


I have been using the method described here (https://communities.bmc.com/communities/thread/69170 ) where you right click on the group, click update permissions.   This seems to work fine on any of the groups(servers, Componentes, etc) except for groups of devices. i.e., if I update permissions & add an ACL policy on a server group, then the servers in that group will get the ACL Policy.   However, if I update permssions on a group of devices, then the group itself will get the policy, but none of the devices within the group will get the policy. Is this a bug?  Or am I missing something. 


FYI, I can update each device manually to have the ACL Policy so I am not sure what is stopping the devices from being updated when I update permissions on the group.  

  • 1. Re: update permissions on group of devices
    Bill Robinson

    what is the purpose of applying the policy to the device?  devices will normally get auto registered w/ the system so everytime a device auto-registers you'd need to go in and set the acls.

  • 2. Re: update permissions on group of devices
    Bill Robinson

    it would seem what you want to do is not built in - if you right click and choose 'update permissions' you are only allowed to select authorizations from the DeviceGroup space and not device.  so it's not functioning like the other object types.  you can contact support and have them open a rfe for this, but i would like to understand why you are trying to do this.

  • 3. Re: update permissions on group of devices
    James Burnett

    Hi Bill,

    Thanks for the response--I appreciate it.   Basically we only want the systems administrators to have access to the devices.   Maybe we are going about this the wrong way then.


    I'm assuming that there is a way to set the ACLs when the device auto-registers so that our sys admin role has access at that point?   I have never tried to have the policy apply when the device auto-registers, so I will investigate that.   Any clues would be appreciated.

  • 4. Re: update permissions on group of devices
    Bill Robinson

    if your other roles do not need to do anything w/ devices, then don't grant the roles any Device Authorizations in the role.  they won't be able to do anything to the devices, regardless of what acls are set on the device object.