UIM - How to revoke "Modify Alias" privileges of a user group
search cancel

UIM - How to revoke "Modify Alias" privileges of a user group

book

Article ID: 217358

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

This technical article documents a known issue / defect which is now resolved as part of the June Patch. 

After upgrading to UIM 20.3.3 operator users (and other read only account contact users) are able to modify an Alias of a Device in the Operator Console Inventory tab. 

Environment

Release : 20.3

Component : UIM Operator Console - Inventory

Resolution

This defect is now resolved as part of the ump_operatorconsole_2.10_HF3 package shipped with the June Patch. 

Operator Console 20.3.3 June 2021 Patch
https://support.broadcom.com/download-center/solution-detail.html?aparNo=LU01588&os=MULTI-PLATFORM

Operator Console 20.3.3 June 2021 Patch
https://support.broadcom.com/external/content/release-announcements/CA-Unified-Infrastructure-Management-Hotfix-Index/7233

Additional Information

Please find below the steps documented in the release notes from the "ump_operatorconsole-2.1.0-HF3.txt" file. 

Steps to apply the patch:
=========================
1. Deploy the ump_operatorconsole_2.10_HF3.zip from your local drive to the UIM Server Local Archive.
2. Deploy ump_operatorconsole installation package (version 2.10hf3) from the Archive folder to the OperatorConsole robot.

Configuration:
==============
1. The new permission "OC Device Update" in ACL decides which users can access "Modify Alias" functionality of a Device. 
2. On the primary hub, check the file /Nimsoft/probes/service/distsrv/base_acls.cfg and make sure it has the ACLs below. 
You can manually add them by copy pasting the below. Save the file. 
======

   <OC Device Update>
      name = OC Device Update
      desc = Allow users to update device information
      access = admin
      type = OperatorConsole
   apply_to_existing_acls = Superuser,Administrator,Operator
   </OC Device Update>
   
======

3. In Infrastructure Manager/Admin Console, navigate the distsrv probe on the primary hub.
4. With the distsrv probe selected, press "Ctrl-P" the probe Utility (pu) should appear or launch Probe Utility from AdminConsole.
5. In the probe commandset, select callback set_acl_init with the parameter value "base_acls.cfg". The callback updates the security.cfg with the ACLs, it will not delete any ACLs, nor change any ACLs.
6. In Account Admin section of Operator Console, select the "OC Device Update" permission for all applicable ACLs. It is enabled by default for Superuser, Administrator & Operator.
7. In infrastructure manager, open Security -> Manage Access Control List. Check to make sure the applicable ACL has "OC Device Update" selected.

Powered by Wolken Software