Highlighted
Absent Member.. Absent Member..
Absent Member..
852 views

UCMDB 10 Credentials storage as CI attribute

Jump to solution

Hello!

 

Customer wants to know if there is a chance to use uCMDB for credentials to be stored and retrived on demand, for their IT security employers.


As i digged the topic i found that there is an option of creating string attribute for any CI with password option.

 

1) But is there a way to set access for different users to different CI's (same type or different) ? So that the owner can also view password, to remind himself or change as it expires.

 

2) Is there a way to hide some attributes on CI from all users except it's owner and dedicated security man?

 

3) Also side question: Are there any directions to manuals and/or best practices on user roles and ownership to CIs?

 

 

Does anyone have practice in field noted in subject?

 

Best Regards

 

0 Likes
1 Solution

Accepted Solutions
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: UCMDB 10 Credentials storage as CI attribute

Jump to solution

In my opinion, this is not such a good idea for several reasons:

1. Permission model for UCMDB is different from standard xNIX approach. There is no owner, group and others. It's based on user/roles.  TomakeCIsinvisibleforsomeusers, multi-tenantneedtobeturnedon. Amountofmaintenance will raise significantly.

2. UCMDB has no option to hide attributes with asterisks. It's possible to hide some attributes from UI, but there is no point to do this if you'll consume this data some day.

3. You could find more details in "Roles Manager Page" in the HP Universal CMDB Administration Guide.

http://support.openview.hp.com/selfsolve/document/KM00245425

 

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.

View solution in original post

3 Replies
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: UCMDB 10 Credentials storage as CI attribute

Jump to solution

In my opinion, this is not such a good idea for several reasons:

1. Permission model for UCMDB is different from standard xNIX approach. There is no owner, group and others. It's based on user/roles.  TomakeCIsinvisibleforsomeusers, multi-tenantneedtobeturnedon. Amountofmaintenance will raise significantly.

2. UCMDB has no option to hide attributes with asterisks. It's possible to hide some attributes from UI, but there is no point to do this if you'll consume this data some day.

3. You could find more details in "Roles Manager Page" in the HP Universal CMDB Administration Guide.

http://support.openview.hp.com/selfsolve/document/KM00245425

 

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.

View solution in original post

Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: UCMDB 10 Credentials storage as CI attribute

Jump to solution

Hello Dmitriy!

 

Thanks for your opinion. I pretty much also think that there is a heavy security backdoor with such a solution. Also there is logical issue that such information is not related to configuration management issues directly.

 

May be you can also promt to me if there is similiar functionality in CM of latest versions?

0 Likes
Highlighted
Acclaimed Contributor.. Acclaimed Contributor..
Acclaimed Contributor..

Re: UCMDB 10 Credentials storage as CI attribute

Jump to solution

CM is based on UCMDB, so nothing to new there.

Please be advised that UCMDB has secured credential storage used by discovery.

It works fine, but I doubt it could be used via UCMDB UI.

 

What is your current solution is? 

Regards
-Dmitry Gomel, PMP
Click the Like button at the bottom to say 'Thanks'.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.