We are on 10.23 version. We have a large number (~70) of software policies (containing > 20K rpms) attached to our Linux servers and users are normally checking server compliance via SA.
A few weeks ago a non-admin user checked the Compliance view, and pressed “scan devices” for all managed servers, that started a huge job on the mesh that lead to mesh outage due to the Compliance SQL query.
This is an enhancement request to ask for the following permissions combination:
-a user should be able to see compliance data but not have the ability to scan devices.
Microfocus support performed an intensive test on SA 10.2 10.5 and 10.6 and under each circumstances both compliance view on software policies and scan button are associated.
For instance if we add a user only to OOTB "compliance auditors" user group, by default as you can see below we can see software policy compliance and “scan devices” is enabled. (screenshot below)
If you change Manage software policies permission from read to NO, then both compliance and scan button are missing (expected); screenshot below.
This enhancement is to decouple the 2 things:
--software policy compliance view
--scan button for software policies
Note: This is only for 10.23 as I understand that the calculation of compliance is totally overhauled in 10.5+ whereby only the installed server packages are checked, instead of checking all those that are attached via SW policies.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.