How to check permissions applied on a computer

book

Article ID: 32504

calendar_today

Updated On:

Products

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction

Summary:

Permissions on computers could be set at 3 level :

• Class "Computer" in a Security Profile.
• on a Asset Group
• Directly on the Computer


So it could be difficult to determine why a user has no permission on a computer.
There is no easy method in ITCM to get the list of permissions applied to a computer
But with a SQL Query we could get this permission list.

 

Instructions: 

1- With Microsoft SQL Server Manager Studio, create this function and procedure on the mdb database :

use mdb
GO
 
CREATE FUNCTION [dbo].[ITCM_GetRights](@ace int)
RETURNS VARCHAR(25) AS
BEGIN
   DECLARE @RIGHTS VARCHAR(25)
   IF @ace=0 RETURN 'No Access'
   IF @ace=255 RETURN 'Full Control (CVRWXDPO)'
   IF @ace=64 RETURN 'View (V)'
   IF @ace=65 RETURN 'Read (VR)'
   IF @ace=81 RETURN 'Manage (VRX)'
   IF @ace=87 RETURN 'Change (VRWXD)'
   SET @RIGHTS=''
   IF (@ace & 128)=128 SET @[email protected]+'C'
   IF (@ace & 64)=64 SET @[email protected]+'V'
   IF (@ace & 1)=1 SET @[email protected]+'R'
   IF (@ace & 2)=2 SET @[email protected]+'W'
   IF (@ace & 16)=16 SET @[email protected]+'X'
   IF (@ace & 4)=4 SET @[email protected]+'D'
   IF (@ace & 8)=8 SET @[email protected]+'P'
   IF (@ace & 32)=32 SET @[email protected]+'O'
   RETURN @RIGHTS
END
 
GO
 
CREATE PROCEDURE [dbo].[ITCM_GetRights_Computer](@ComputerName AS VARCHAR(200)) AS
BEGIN
   SELECT p.name 'Security Profile Name', a.agent_name 'Computer Name',o.ace,dbo.ITCM_GetRights(o.ace) AS 'Rights',
   CASE o.security_level
      WHEN 0 THEN 'Computer Class'
      WHEN 1 THEN 'Asset Group'
      WHEN 2 THEN 'Computer Object'
   END 'Security Level'
   FROM ca_security_profile p, ca_object_ace o, ca_agent a
   WHERE o.security_profile_uuid=p.security_profile_uuid AND o.object_def_uuid=a.object_uuid
   and a.agent_name like @ComputerName and a.agent_type=1
   ORDER BY p.name, a.agent_name
END
GO
 

<Please see attached file for image>

query.jpg
 
 
2- Then procedure ITCM_GetRights_Computer procedure could be used to check the permissions applied on a computers
 
 
Example :
 
- Get Permissions for computer JY-PC2 :
exec ITCM_GetRights_Computer 'JY-PC2'
 
- Get Permissions for computers JY* :
exec ITCM_GetRights_Computer 'JY%'
 
 

<Please see attached file for image>

result2.jpg
 
 
 

Environment

Release: UASIT.99000-12.9-Asset Intelligence
Component:

Attachments

1558699189960000032504_sktwi1f5rjvs16ojz.jpeg get_app
1558699188025000032504_sktwi1f5rjvs16ojy.jpeg get_app