When trying to set up a custom security role for creating and managing software resources there are still security errors when trying to create the software resource. What security permissions need to be in place for a user to do this?
"The current user does not have required permissions to save item."
"Internal Server error. Description: The server encountered a problem while performing the requested action."
"Unhandled exception. Type=System.NullReferenceException Msg=Object reference not set to an instance of an object."
Environment
ITMS 8.x
Cause
The Custom Security Role does not have permissions required for accessing all the items loaded by the UI page. This returns an error like one of errors listed above.
Resolution
In order to create and manage a software resource, the custom security role needs to be set up as follows:
Initial Setup: Navigate to "Settings > Security > Roles". Right-click on the "Security Roles" folder and select "New > Security Role". Provide a name for the security role. Under the Membership tab, add the users or groups that you want to apply the role to.
Privileges: Click the Privileges tab and check any privileges you would like the role to have. At a minimum, the following need to be checked:
Right-Click Menu - Actions
Edit Command Line
Edit Software Resource
Edit Package
Permissions: Open up the Security Role Manager by selecting the General tab and clicking on "Show Security Role Manager Console". Using the View: dropdown, select each view listed below and enable the permissions as described.
All Data Classes - Add 'Read' rights to the following items:
Recommendation: Give New Role 'Read' access to ALL Data Classes.
Resource Management - Set correct status on Filters and Organizational Views
Recommendation: Give New Role 'Read' and 'Write' access on Resource Management. Click Save Changes, and Refresh the left side view.
This gives New Role rights to All Filters and All Computers. You can modify the Filter selection as needed by removing or adding 'Read' permission as needed, after removing the 'Read' on Resource Management.
NOTE: In 8.5 RU2 giving 'Read' and 'Write' permissions to Resource Management resolved the error:
"The current user does not have required permissions to save item."
If New Role DOES NOT need access to All Computers the following is required:
Expand Resources> Organizational Views> Default> All Resources> Asset> Network Resource and select Computer
With "Computer" selected, click "Advanced" in the lower right hand
Uncheck the box for "Inherit the permissions from the . . ."
Click Save changes
In the new popup, click COPY. VERY IMPORTANT DO NOT CLICK REMOVE
Select the name of the New Role you created, and click the red X to remove rights to all computers
This removes the New Role out of viewing all computers
Save changes
Add Computers (Scope) to this New Role by selecting the correct Organizational View and giving it 'Read' permission
If the New Role needs access to specific computers, please consider setting up the environment using KB179081 for ease in Administration.