
What permissions are required on SMP 7.1 to "unmanage" software

Created: 06 Nov 2012 • Updated: 29 Nov 2012 | 8 comments
This issue has been solved. See solution.

Quick question that we’re drawing a blank on in terms of security & permissions using the Software Catalog on SMP 7.1

 

(See screenshot)

We’re trying to fine-tune the permissions to specific roles\perms, and one action we can’t identify is how to move an item from the catalog to the “Unmanaged software” window using the > button once the Newly discovered/undefined software entry is selected.

We get a "You do not have permissions to perform this action".

Any ideas? Where is this privilege defined?

 

 

 

 

8 Comments

Mistral's picture

Privileges are configured on the roles.

 

Just guessing for unmanaging software:

- Either: Software Management Framework Privileges -> Manage Software Resources

- Or: Software Management -> Create software products

or both.

Or did you try them already?

Andrew Bosch's picture

Check your NS logs - it might give you some more detail around the error.  I'm going to guess that you don't have write permission on the software resource or to the data classes that are updated when moving to Unmanaged (Inv_Software_Component_State).

------------------------------------
Sr. Principal SQA Engineer
Symantec

Thunder_Chicken's picture

Thanks Mistral & Andrew.

 

It does look like a permission error on data class "Inv_Software_Component_State" (log entry as suggested confirms this) but I can't see that defined as a data class on the console. I can see the table on the DB though.

Software Component is the closest data class to it!

Does it maybe have an alias defined on the console?

The Gaffer's picture

The Software Component State data class inherits its permissions from the Application Metering folder. You can give the users read/write permissions to this folder using the Security Role Manager in order to allow them to Manage/Unmanage software components.

Thunder_Chicken's picture

Thanks to all we finally sorted this.

As Andrew suggested and The Gaffer confirmed it was the App Metering folder that inherited the permissions to the Inv_Software_Component_State table.

Now resolved and thanks again to all.

Thunder_Chicken's picture

Along the same lines, I now can't save a "Software Product" when adding it to the 'Managed Software' list, again with permission errors.

 

This time the logs say that it is permission errors on the "Inv_Software_Product_Version" data class that are the issue, but I cannot see where the permissions for this table are defined. It's not a definable SMP console data class. Is this another one with inherited permissions from a folder?

Andrew Bosch's picture

It's a hidden dataclass under Inventory->Default Folder.

------------------------------------
Sr. Principal SQA Engineer
Symantec

SOLUTION
The Gaffer's picture

You can trace which folder the dataclass is defined under by running this query against the database:

SELECT vi2.[Name] + ' > ' + vi.[Name] [Folder]
  FROM [DataClass] dc
  INNER JOIN [SecurityEntity] se
  ON se.Guid = dc.Guid
  INNER JOIN [vItem] vi
  ON vi.Guid = se.ParentGuid
  INNER JOIN [ItemFolder] fld
  ON vi.Guid = fld.[ItemGuid]
  LEFT OUTER JOIN [vItem] vi2
  ON vi2.Guid = fld.ParentFolderGuid
  where DataTableName = 'Inv_Software_Product_Version'

The output from this query should be Inventory > Default Folder.

The Software Product Version dataclass inherits its permissions from this folder, so giving your users read/write access to this folder will give them the appropriate permissions to save Software Products.

You should be able to plug any table name in to the query above to find where it is defined in the security hierarchy.
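
Added example (not part of the original thread, and not Symantec's own code): a generalisation of the query above that resolves both data class tables named in this thread in one pass and also lists the other data classes registered under the same parent, so the scope of a folder-level read/write grant can be reviewed before it is made. It uses only the tables and columns that appear in the query above; treating data classes that share a SecurityEntity.ParentGuid as inheriting from the same folder is an assumption drawn from that query's joins.

```sql
-- Added example: read-only lookup against the SMP database.
-- Table names below are the two discussed in this thread; add more as needed.
WITH Wanted AS (
    SELECT 'Inv_Software_Component_State' AS DataTableName
    UNION ALL
    SELECT 'Inv_Software_Product_Version'
),
-- Every data class together with the item its security entity hangs under.
ClassParent AS (
    SELECT dc.DataTableName, se.ParentGuid
    FROM [DataClass] dc
    INNER JOIN [SecurityEntity] se
        ON se.Guid = dc.Guid
)
SELECT w.DataTableName AS [RequestedTable],
       -- NULL here means the table name did not resolve to a folder.
       COALESCE(vi2.[Name] + ' > ', '') + vi.[Name] AS [Folder],
       -- Other data classes under the same parent (assumed to inherit the
       -- same folder permissions, so a grant on the folder covers them too).
       sib.DataTableName AS [AlsoUnderSameParent]
FROM Wanted w
LEFT JOIN ClassParent cp
    ON cp.DataTableName = w.DataTableName
LEFT JOIN [vItem] vi
    ON vi.Guid = cp.ParentGuid
LEFT JOIN [ItemFolder] fld
    ON fld.[ItemGuid] = vi.Guid
LEFT JOIN [vItem] vi2
    ON vi2.Guid = fld.ParentFolderGuid
LEFT JOIN ClassParent sib
    ON sib.ParentGuid = cp.ParentGuid
   AND sib.DataTableName <> w.DataTableName
ORDER BY w.DataTableName, sib.DataTableName;
```

A long [AlsoUnderSameParent] list for a folder is a sign that read/write on that folder reaches well beyond the single action the role was meant to enable.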