6 Replies Latest reply on Mar 24, 2016 4:28 AM by Soundappan Shanmugam

    Regarding server-automation-bsa-vulnerabilities-in-unixlinux-rscd-agent-cve-ids-cve-2016-1542-cve-2016-1543

    Soundappan Shanmugam

      Hey Folks

       

      I have an issue when an auto remediation job is created automatically via a batch job that executes discovery and compliance.

       

      1. As a prereq, I have added the auto remediate option in the BL package in the component template for each rule.

      2. I created a discovery job without target machines.

      3. I created a compliance job with the Depot folder & Job Folder name where the package would be stored and the deploy job will be created for the same.

       

      The JobFolder that is being saved has Read/Write permission when created manually,

       

      but when I execute the batch job by selecting the targets, I get this error:

       

      "Error during auto-remediation: Access Denied JobFolder.Create on BMCHF-RemediationJob"

       

      Note: I'm not using the BLAdmin role for this, as BLAdmin works like a charm.

       

      Going through the communities, I got some hints about the components getting created having enough rights.

      Yes, they do have, because the discovery works well and it fails only during compliance.

       

       

      I have a separate role for the same

      with the below authorizations:

      AIXPatchSoftware.Read | Authorization | Open depot software
      AIXSoftware.Read | Authorization | Open depot software
      AuditJob.* | Authorization | Audit Job management
      BatchJob.* | Authorization | Batch Job management
      BatchJob.Execute | Authorization | Execute Batch Job
      BatchJob.ModifyTargets | Authorization | Modify Batch Job targets
      BatchJob.Read | Authorization | Read Batch Job
      BLPackage.Create | Authorization | Create new BLPackage
      BLPackage.Read | Authorization | Open BLPackage
      Component.* | Authorization | Component authorizations
      ComponentGroup.* | Authorization | Component group authorizations
      ComponentTemplate.* | Authorization | Component template authorizations
      ComponentTemplateFolder.* | Authorization | Component template authorizations
      ComponentTemplateGroup.* | Authorization | Component template group authorizations
      ConfigFile.Read | Authorization | Read/open configuration file
      CustomSoftware.* | Authorization | Software authorizations
      CustomSoftware.Read | Authorization | Open depot software
      DeployJob.Break | Authorization | Break Deploy Job's dependencies
      DeployJob.Cancel | Authorization | Cancel Deploy Job
      DeployJob.Create | Authorization | Create new Deploy Job
      DeployJob.CreateACL | Authorization | Create ACL for Deploy Job
      DeployJob.Execute | Authorization | Execute Deploy Job
      DeployJob.ExecutionTaskOverride | Authorization | Allow Execution Tasks to override job properties
      DeployJob.Modify | Authorization | Modify Deploy Job
      DeployJob.ModifyACL | Authorization | Modify ACL for Deploy Job
      DeployJob.ModifyPriority | Authorization | Modify job priority for Deploy Job
      DeployJob.ModifyProperties | Authorization | Modify Deploy Job properties
      DeployJob.ModifySchedule | Authorization | Modify Deploy Job schedule
      DeployJob.ModifyTargets | Authorization | Modify Deploy Job targets
      DeployJob.PauseResumeExecution | Authorization | Pause and resume Deploy Job execution
      DeployJob.Read | Authorization | Read Deploy Job
      DeployJob.Undo | Authorization | Undo Deploy Job
      DepotFile.* | Authorization | Depot file authorizations
      DepotFile.Modify | Authorization | Modify depot file
      DepotFile.Read | Authorization | Open depot file
      DepotFolder.* | Authorization | Depot folder management
      DepotFolder.Read | Authorization | Open depot folder
      DepotFolder.Write | Authorization | Add new objects into depot folder
      DepotGroup.Read | Authorization | Open depot group
      DiscoveryJob.* | Authorization | Discovery Job management
      ExtendedObject.Create | Authorization | Create extended object definition
      ExtendedObject.ModifyACL | Authorization | Modify ACL for extended object definition
      ExtendedObject.Read | Authorization | Read extended object definition
      JobFolder.Create | Authorization | Create new job folder
      JobFolder.Read | Authorization | Open job folder
      JobFolder.Write | Authorization | Add objects to job folder
      JobGroup.Create | Authorization | Create new job group
      JobGroup.Read | Authorization | Open job group
      JobGroup.Write | Authorization | Add objects to job group
      LinuxSoftware.* | Authorization | Software authorizations
      LinuxSoftware.Read | Authorization | Open depot software
      PatchSmartGroup.Modify | Authorization | Modify patch smart group
      PatchSmartGroup.Read | Authorization | Open patch smart group
      PatchSmartGroup.Write | Authorization | Add new objects into patch smart group
      Server.Audit | Authorization | Allow audits on this server
      Server.Deploy | Authorization | Allow deploys on this server
      Server.Discover | Authorization | Discover this server
      Server.Read | Authorization | Read server properties and other metadata
      ServerGroup.Read | Authorization | Open server group
      ServerGroup.Write | Authorization | Add objects to server group
      SnapshotJob.* | Authorization | Snapshot Job management
      SolarisSoftware.* | Authorization | Software authorizations
      SolarisSoftware.Read | Authorization | Open depot software

       

       

      Correct me if I'm wrong in any way.