In the Component Template on the General tab you have to check "Allow Remediation" or "Allow Auto-Remediation" depending on what you want to allow.
Can you be clearer about what you're looking for? In your original post you talked about compliance and remediation, and how to turn remediation for compliance. You didn't say anything about patching. So can you be more specific about what you're trying to do?
I get an error to a role that i assigned all the patchremediation rules
"Skipping remediation step as the role does not have one of the required permissions."
Ok, you are trying to run patching w/ auto-remediation? so you created Patching Job. you granted the role a number of permissions? you create the patching job w/ this role ? and then you are performing what specific action in the gui and you got an error ?
apologies for confusion, Our environment the remediation steps are disabled for both component template for scanning and patch remediation. Now I am trying to enable remediation for patching and I want the role to only perform patch remediation but not scan remediation. I have provided that role "
but still i get an error "Skipping remediation step as the role does not have one of the required permissions.
I had provided the role along with the follwing authorization as well
I granted the Patch analysis job read, modify targets and execute
I granted the Job Folder where these jobs reside or gets created
I granted the batchjob read, execute, modify and modify target
I granted the deployjb read, execute and modify target
I still get an error when i execute a patch analysis job with remediation set to "not execute"
It needs software.read and modify, and on all the catalog objects.
ok, I am adding WindowsSoftware.Read
after i added the windowssoftware, i am able do patch analysis but the same error for remediation ""Skipping remediation step as the role does not have one of the required permissions"
I provided the role the following permissions as documented at "https://docs.bmc.com/docs/display/public/bsa83/RBAC+permissions+for+patch+management" and now i am able to perform remediation. It does seem like lots of full permission. Is that all required?
CustomSoftware.* (for Linux only)
PatchCatalog.Write (Only for Solaris and AIX platforms)
1 of 1 people found this helpful
you may not - it depends what actions you want to perform. you could get more restrictive and allow only jobfolder.write, jobfolder.read, that kind of thing.
Is there a way i can turn on something that will tell me what is being used? right now, i just have to do trial and error
On each authorization in rbac you can enable notifications. I’d be careful about enabling ‘read’…