1 Reply Latest reply on Feb 16, 2011 1:35 PM by Barry McQuillan

    Minimum authorizations exclusion for admistrative role

      Hey Everyone,

       

      I was wandering what authorizations I need to exclude in order to allow a role to posess all authorizations but be unable to do things like change the authorizations on objects.

       

      Basically, we want to have an administrator role that has the ability to do all things in BladeLogic but we don't want the users to be able to give themselves object level permissions. We also do not want them to be able to add servers or create server groups. I have identified the list below as a start but I wanted to get the communities input.

       

      -->

      All authorizations will be granted to this role except the following:

       

       

      Authorization.*

      AuthProfile.*

       

      Server.Create

       

      ServerGroup.Create

       

      ServerGroup.Modify

       

      ServerGroup.Write

       

      ServerGroup.Delete

       

      User.*

       

       

       

      -->

      o    All authorizations will be granted to this role except the following:

      §  Authorization.*

      §  AuthProfile.*

      §  Server.Create

      §  ServerGroup.Create

      §  ServerGroup.Modify

      §  ServerGroup.Write

      §  ServerGroup.Delete

      §  User.*

      -->

      o    All authorizations will be granted to this role except the following:

      §  Authorization.*

      §  AuthProfile.*

      §  Server.Create

      §  ServerGroup.Create

      §  ServerGroup.Modify

      §  ServerGroup.Write

      §  ServerGroup.Delete

      §  User.*

      Thank you

      Thank you.