I have an issue when an auto remediation job is created automatically via a batch job that executes discovery and compliance
1. as a prereq i have added the auto remediate option in the bl package in component template for each rule.
2. i created a discovery job without target machines
3. I created a compliance job with the Depot folder & Job Folder name where the package would be stored and the deploy job will be created for the same
JobFolder that is being saved has Read/Write permission when created manually
but when i execute the batch job by selecting the targets i get this error
"Error during auto-remediation: Access Denied JobFolder.Create on BMCHF-RemediationJob"
Note: Im not using BLAdmin role for this, as bladmin works like charm,
Going through communities i got some hints of components getting created have enough rights.
Yes they do have, because the discovery works well and only during compliance it fails.
i have a separate role for the same
with the below authorization
AIXPatchSoftware.Read Authorization Open depot software AIXSoftware.Read Authorization Open depot software AuditJob.* Authorization Audit Job management BatchJob.* Authorization Batch Job management BatchJob.Execute Authorization Execute Batch Job BatchJob.ModifyTargets Authorization Modify Batch Job targets BatchJob.Read Authorization Read Batch Job BLPackage.Create Authorization Create new BLPackage BLPackage.Read Authorization Open BLPackage Component.* Authorization Component authorizations ComponentGroup.* Authorization Component group authorizations ComponentTemplate.* Authorization Component template authorizations ComponentTemplateFolder.* Authorization Component template authorizations ComponentTemplateGroup.* Authorization Component template group authorizations ConfigFile.Read Authorization Read/open configuration file CustomSoftware.* Authorization Software authorizations CustomSoftware.Read Authorization Open depot software DeployJob.Break Authorization Break Deploy Job's dependencies DeployJob.Cancel Authorization Cancel Deploy Job DeployJob.Create Authorization Create new Deploy Job DeployJob.CreateACL Authorization Create ACL for Deploy Job DeployJob.Execute Authorization Execute Deploy Job DeployJob.ExecutionTaskOverride Authorization Allow Execution Tasks to override job properties DeployJob.Modify Authorization Modify Deploy Job DeployJob.ModifyACL Authorization Modify ACL for Deploy Job DeployJob.ModifyPriority Authorization Modify job priority for Deploy Job DeployJob.ModifyProperties Authorization Modify Deploy Job properties DeployJob.ModifySchedule Authorization Modify Deploy Job schedule DeployJob.ModifyTargets Authorization Modify Deploy Job targets DeployJob.PauseResumeExecution Authorization Pause and resume Deploy Job execution DeployJob.Read Authorization Read Deploy Job DeployJob.Undo Authorization Undo Deploy Job DepotFile.* Authorization Depot file authorizations DepotFile.Modify Authorization Modify depot file DepotFile.Read Authorization Open depot file DepotFolder.* Authorization Depot folder management DepotFolder.Read Authorization Open depot folder DepotFolder.Write Authorization Add new objects into depot folder DepotGroup.Read Authorization Open depot group DiscoveryJob.* Authorization Discovery Job management ExtendedObject.Create Authorization Create extended object definition ExtendedObject.ModifyACL Authorization Modify ACL for extended object definition ExtendedObject.Read Authorization Read extended object definition JobFolder.Create Authorization Create new job folder JobFolder.Read Authorization Open job folder JobFolder.Write Authorization Add objects to job folder JobGroup.Create Authorization Create new job group JobGroup.Read Authorization Open job group JobGroup.Write Authorization Add objects to job group LinuxSoftware.* Authorization Software authorizations LinuxSoftware.Read Authorization Open depot software PatchSmartGroup.Modify Authorization Modify patch smart group PatchSmartGroup.Read Authorization Open patch smart group PatchSmartGroup.Write Authorization Add new objects into patch smart group Server.Audit Authorization Allow audits on this server Server.Deploy Authorization Allow deploys on this server Server.Discover Authorization Discover this server Server.Read Authorization Read server properties and other metadata ServerGroup.Read Authorization Open server group ServerGroup.Write Authorization Add objects to server group SnapshotJob.* Authorization Snapshot Job management SolarisSoftware.* Authorization Software authorizations SolarisSoftware.Read Authorization Open depot software
correct me if im wrong in any ways.