Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
- Permissions reference
- Server objects permissions
- Server property and reboot permissions
- Device group permissions
- Server Agent deployment permissions
- Virtualization service management permissions
- OS Provisioning permissions
- Software Management Permissions
- Chef Cookbook management permissions
- Application configuration management permissions
- Patch Management for Windows Permissions
- Patch management for Ubuntu permissions
- Patch Management for Solaris Permissions
- Solaris patch policy management permissions
- Patch Management for Other UNIX Permissions
- Audit and remediation permissions
- Compliance view permissions
- Job permissions
- Script execution permissions
- Flow permissions for Operations Orchestration
- Service Automation Vizualizer permissions
Audit and Remediation permissions
The Audit and Remediation user action permissions table specifies the Audit and Remediation permissions required by users to perform specific actions in the SA Client. For security administrators, the table answers this question: To perform a particular action, what permissions does a user need?
In addition to the permissions listed in the Audit and Remediation user action permissions table, every user action also requires the Managed Servers and Groups permission.
- Server permissions for Audit and Remediation
- Audit and Remediation permissions
- OGFS permissions for Audit and Remediation
- Audit and Remediation user action permissions
Server permissions for Audit and Remediation
Audit and Remediation actions require both action and server permissions. For example, the Create Audit action requires the action permission “Manage Audit: Read & Write” and the Managed Servers and Groups permission. This action also needs Read permission on the server referenced by the Audit. In the table that follows, the Server Permission column is for the servers referenced by the Audit or Snapshot Specification - depending on the action. Server permissions are specified by the customer, facility, and device groups permissions in the SA Client.
If an Audit and Remediation object (such as a snapshot specification) references multiple servers, at a minimum, Read permission is required for all servers referenced. Otherwise, the object cannot be viewed or modified.
Audit and Remediation objects are not directly associated with customers and facilities. Customer and facility permissions do control access to servers that are referenced by Audit and Remediation objects, such as snapshot specifications and audits.
Allow Create Task Specific Policy permission for audit and remediation
As a best practice, do not enable this permission—do not set this permission to “Yes.” By default, this permission is disabled—it is already set to “No.” It is recommended that you create audit rules in an audit policy and then, subsequently, link audit tasks and snapshot specifications to that audit policy.
OGFS permissions for Audit and Remediation
For the actions that access a managed server’s file system, the OGFS Read Server File System permission is required. For example, the Read Server File System permission is required to create a snapshot specification with rules that include the files of a managed server. Such rules include Application Configurations, Custom Scripts, COM+ objects, File System, IIS Metabase entries, and Windows Registry.
Other types of selection criteria require the corresponding OGFS permissions:
- Read Server Registry
- Read COM+ Database
- Read IIS Metabase
Audit and Remediation user action permissions
The following table lists typical Audit and Remediation user actions and the permissions required to perform them.
|
User Action |
Action Permission |
OGFS Permission |
Server Permission (Customer, Facility, Device Group) |
|---|---|---|---|
|
Snapshot Specification |
|||
|
View contents of Snapshot Specification |
Manage Snapshot Specification: Read & Write |
N/A |
Read & Write |
|
Schedule and run a Snapshot Specification |
Manage Snapshot Specification: Read & Write |
N/A |
Read & Write |
|
Create Snapshot Specification |
Manage Snapshot Specification: Read & Write |
N/A |
Read & Write |
|
Create Application Configuration Rule |
Manage Snapshot Specification: Read & Write |
Write Server File System |
Read & Write |
|
Create COM+ Rule |
Manage Snapshot Specification: Read & Write |
Read COM+ Database |
Read & Write |
|
Create Custom Script Rule |
Manage Snapshot Specification: Read & Write Allow Create Custom Script Policy Rules: Yes. |
Write Server File System |
Read & Write |
|
Create Files |
Manage Snapshot Specification: Read & Write |
Write Server File System |
Read & Write |
|
Create IIS Metabase Rule |
Manage Snapshot Specification: Read & Write |
Read IIS Metabase |
Read & Write |
|
Create Registry Rule |
Manage Snapshot Specification: Read & Write |
Read Server Registry |
Read & Write |
|
Link Audit Policy into Snapshot Specification |
Manage Snapshot Specification: Read & Write Manage Audit Policy: Read Library Folder: Read |
N/A |
Read & Write |
|
Import Audit Policy into Snapshot Specification |
Manage Snapshot Specification: Read & Write Manage Audit Policy: Read Library Folder: Read |
N/A |
Read & Write |
|
Save As Audit Policy |
Manage Snapshot Specification: Read & Write Manage Audit Policy: Read & Write Library Folder: Read & Write |
N/A |
Read & Write |
|
Snapshots |
|||
|
View, list contents of a Snapshot |
Manage Snapshot: Read Manage Snapshot Specification: Read |
N/A |
Read |
|
Create Audit from Snapshot |
Manage Snapshot: Read Manage Snapshot Specification: Read Manage Audit: Read |
N/A |
Read |
|
View Archived Snapshot |
Manage Snapshot: Read |
N/A |
Read |
|
Create Audit from archived Snapshot |
Manage Snapshot: Read Manage Audit: Read |
N/A |
Read |
|
Delete Snapshot results |
Manage Snapshot: |
N/A |
Read & Write |
|
Detach Snapshot from a server |
Allow General Snapshot Management: Yes Manage Snapshot: Read & Write Manage Snapshot Specification: Read |
N/A |
Read |
|
Remediate Snapshot results |
Manage Snapshot: Read Manage Snapshot Specification: Read Allow Remediate Audit/Snapshot Results: Yes |
N/A |
Read & Write |
|
Remediate Snapshot Results: Application Configuration |
Manage Snapshot: Read Allow Remediate Audit/Snapshot Results: Yes Manage Snapshot Specification: Read |
Write Server File System |
Read & Write |
|
Remediate Snapshot Results: COM+ |
Manage Snapshot: Read Allow Remediate Audit/Snapshot Results: Yes Manage Snapshot Specification: Read |
Read COM+ Database |
Read & Write |
|
Remediate Snapshot Results: Custom Scripts |
Manage Snapshot: Read Allow Remediate Audit/Snapshot Results: Yes Manage Snapshot Specification: Read |
Write Server File System |
Read & Write |
|
Remediate Snapshot Results: File System |
Manage Snapshot: Read Allow Remediate Audit/Snapshot Results: Yes Manage Snapshot Specification: Read |
Write Server File System |
Read & Write |
|
Remediate Snapshot Results: Metabase |
Manage Snapshot: Read Allow Remediate Audit/Snapshot Results: Yes Manage Snapshot Specification: Read |
Read IIS Metabase |
Read & Write |
|
Remediate Snapshot Results: Registry |
Manage Snapshot: Read Allow Remediate Audit/Snapshot Results: Yes Manage Snapshot Specification: Read |
Read Server Registry |
Read & Write |
|
Audits |
|||
|
View an Audit |
Manage Audit: Read |
N/A |
Read & Write |
|
Run an Audit |
Manage Audit: Read |
N/A |
Read & Write |
|
Schedule an Audit |
Manage Audit: Read |
N/A |
Read & Write |
|
Create an Audit |
Manage Audit: Read & Write |
N/A |
Read |
|
Create Application Configuration Rule |
Manage Audit: Read & Write |
Write Server File System |
Read & Write |
|
Create COM+ Rule |
Manage Audit: Read & Write |
Read COM+ Database |
Read & Write |
|
Create Custom Script Rule |
Manage Audit: Read & Write Allow Create Custom Script Policy Rules: Yes |
Write Server File System |
Read & Write |
|
Create Discovered Software Rule |
Manage Audit: Read & Write Manage Server Modules: Read |
N/A |
Read & Write |
|
Create Files Rule |
Manage Audit: Read & Write |
Write Server File System |
Read & Write |
|
Create Hardware Rule |
Manage Audit: Read & Write |
N/A |
Read & Write |
|
Create IIS Metabase Rule |
Manage Audit: Read & Write |
Read IIS Metabase |
Read & Write |
|
Create Internet Information Server Rule |
Manage Audit: Read & Write |
N/A |
Read & Write |
|
Create Registered Software Rule |
Manage Audit: Read & Write Manage Server Modules: Read |
N/A |
Read & Write |
|
Create Software Rule |
Manage Audit: Read & Write |
N/A |
Read & Write |
|
Create Weblogic Rule |
Manage Audit: Read & Write Manage Server Modules: Read |
N/A |
Read & Write |
|
Create .NET Framework Configurations Rule |
Manage Audit: Read & Write Manage Server Modules: Read |
N/A |
Read & Write |
|
Create Windows Registry Rule |
Manage Audit: Read & Write |
Read Server Registry |
Read & Write |
|
Create Windows Services Rule |
Manage Audit: Read & Write |
N/A |
Read & Write |
|
Create Windows/UNIX Users and Groups Rule |
Manage Audit: Read & Write Manage Server Modules: Read |
N/A |
Read & Write |
|
Link an Audit Policy into an Audit |
Manage Audit: Read & Write Manage Audit Policy: Read SA Client Library Folder: Read |
N/A |
Read & Write |
|
Import an Audit Policy into an Audit |
Manage Audit: Read & Write Manage Audit Policy: Read Library Folder: Read |
N/A |
Read & Write |
|
Save as Audit Policy |
Manage Audit: Read & Write Manage Audit Policy: Read & write Library Folder: Read & Write |
N/A |
Read & Write |
|
Audit Results |
|||
|
View Audit Results |
Manage Audit Results: Manage Audit: Read |
N/A |
Read |
|
View Archived Audit Results |
Manage Audit: Read |
N/A |
Read |
|
Delete Audit Results |
Manage Audit Results: |
N/A |
Read & Write |
|
Remediate Audit Results |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
N/A |
Read & Write |
|
Remediate Audit Results: Application Configuration |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Write Server File System |
Read & Write |
|
Remediate Audit Results: COM+ |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Read COM+ Database |
Read & Write |
|
Remediate Audit Results: Custom Script Rule |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Write Server File System |
Read & Write |
|
Remediate Audit Results: Discovered Software |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes Manage Server Module: Read Allow Execute Server Modules: Yes |
N/A |
Read & Write |
|
Remediate Audit Results: Files |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Write Server File System |
Read & Write |
|
Remediate Audit Results: IIS Metabase |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Read IIS Metabase |
Read & Write |
|
Remediate Audit Results: Remediate Internet Information Server |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Read IIS Metabase |
Read & Write |
|
Remediate Audit Results: Remediate Discovered Software |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes Manage Server Module: Read Allow Execute Server Modules: Yes |
N/A |
Read & Write |
|
Remediate Audit Results: Remediate Software |
Manage Audit: Read Manage Audit Results: Read & Write |
N/A |
Read & Write |
|
Remediate Audit Results: Remediate Weblogic |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes Manage Server Module: Read Allow Execute Server Modules: Yes |
N/A |
Read & Write |
|
Remediate Audit Results: Remediate Windows .NET Framework Configurations |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes Manage Server Module: Read Allow Execute Server Modules: Yes |
N/A |
Read & Write |
|
Remediate Audit Results: Windows Registry |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
Read Server Registry |
Read & Write |
|
Remediate Audit Results: Windows Services |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes |
N/A |
Read & Write |
|
Remediate Audit Results: Remediate Windows/UNIX Users and Groups |
Manage Audit: Read Manage Audit Results: Read & Write Allow Remediate Audit/Snapshot Results: Yes Manage Server Module: Read Allow Execute Server Modules: Yes |
N/A |
Read & Write |
The User Actions Allowed by Audit and Remediation Permissions table lists the actions that users can perform for each Audit and Remediation permission. The User Actions Allowed by Audit and Remediation Permissions table has the same data as the Audit and Remediation user action permissions table, but is sorted by action permission. Although it is not indicated in the User Actions Allowed by Audit and Remediation Permissions table, the Managed Servers and Groups permission is required for all Audit and Remediation actions.
For security administrators, the User Actions Allowed by Audit and Remediation Permissions table answers this question: If a user is granted a particular action Audit and Remediation permission, what actions can the user perform?
|
Action Permission |
User Action |
OGFS Permission |
Server Permission (Customer, Facility, Device Group) |
|---|---|---|---|
|
Allow Create Custom Script Rule Policy: No and Manage Audit: Read |
View Custom Script Rule: Audit |
N/A |
Read |
|
Allow Create Custom Script Rule Policy: Yes and Manage Audit: Read & Write |
Create Custom Script Rule: Audit |
Write Server File System |
Read & Write |
|
Allow Create Custom Script Rule Policy: No and Manage Snapshot: Read & Write |
View Custom Script Rule: Snapshot |
N/A |
Read |
|
Allow Create Custom Script Rule Policy: Yes and Manage Snapshot: Read & Write |
Create Custom Script Rule: Snapshot |
Write Server File System |
Read & Write |
|
Allow General |
Detach Snapshot from a server |
N/A |
Read |
|
Manage Snapshot Specification: Read and Allow Remediate Audit/Snapshot Results: No and Manage Audit or Manage Snapshot: Read |
View Audit or Snapshot, No Remediation |
N/A |
Read |
|
Manage Snapshot Specification: Read and Allow Remediate Audit/Snapshot Results: Yes and Manage Audit or Manage Snapshot: Read & Write |
Remediate Audit/Snapshot Results |
N/A |
Read & Write |
|
Manage Snapshot Specification: Read and Allow Remediate Audit/Snapshot Results: Yes and Manage Audit or Manage Snapshot Results: Read & Write |
Remediate Application Configuration Rule |
Write Server File System |
Read & Write |
|
Remediate COM+ Rule |
Read COM+ Database |
Read & Write |
|
|
Remediate Custom Script Rule Registry Rule |
Write Server File System |
Read & Write |
|
|
Remediate File System Rule |
Read IIS Metabase |
Read & Write |
|
|
Remediate IIS Metabase Rule |
Read Server Registry |
Read & Write |
|
|
Remediate Windows Registry Rule |
Write Server File System |
Read & Write |
|
|
Manage Audit: Read |
View, schedule, run Audit |
N/A |
Read |
| View, schedule, run Audit with custom scripts in it | N/A | Read & Write | |
|
Manage Audit: Read & Write
|
Create, edit, delete Audit |
N/A |
Read & Write |
|
Save Audit as Audit Policy |
N/A |
Read & Write |
|
|
Link Audit Policy into Audit |
N/A |
Read & Write |
|
|
Create Application Configuration Rule |
Write Server File System |
Read & Write |
|
|
Create COM+ Rule |
Read COM+ Database |
Read & Write |
|
|
Create File System Rule |
Write Server File System |
Read & Write |
|
|
Create IIS Metabase Rule |
Read IIS Metabase |
Read & Write |
|
|
Create Window Registry Rule |
Read Server Registry |
Read & Write |
|
|
Manage Audit: Read & Write and Allow Create Custom Script Policy Rules: Yes |
Create Custom Scripts Rule |
Write Server File System |
Read & Write |
|
Manage Audit: Read & Write and Manage Server Module: Read |
Create the following Audit Rules: Discovered Software Registered Software Windows .NET Framework Configurations Windows Users and Groups |
N/A |
Read & Write |
|
Manage Audit Results: Read |
View Audit Results |
N/A |
Read |
|
Manage Audit Results: Read & Write |
Delete Audit Results |
N/A |
Read & Write |
|
Manage Snapshot Specification: Read & Write |
View, schedule, run Snapshot Specification |
N/A |
Read |
| View, schedule, run Snapshot Specification with custom scripts in it | N/A | Read & Write | |
|
Manage Snapshot Specification: Read & Write
|
Create, edit, and delete Snapshot Specification |
N/A |
|
|
Save Snapshot Specification as Audit Policy (This action requires Read & Write for the library folder where policy lives.) |
N/A |
|
|
|
Link Audit Policy Into Audit |
N/A |
Read & Write |
|
|
Create Application Configuration Rule |
Write Server File System |
Read & Write |
|
|
Create COM+ Rule |
Read COM+ Database |
Read & Write |
|
|
Create Discovered Software |
|
|
|
|
Create File System Rule |
Write Server File System |
Read & Write |
|
|
Create IIS Metabase Rule |
Read IIS Metabase |
Read & Write |
|
|
Create Windows Registry Rule |
Read Server Registry |
Read & Write |
|
|
Manage Snapshot Specification: Read & Write and Manage Server Module: Read |
Create the following Snapshot Rules: Discovered Software Registered Software Windows .NET Framework Configurations Windows Users and Groups |
N/A |
Read & Write |
|
Manage Snapshot Specification: Read & Write and Create Custom Script Policy Rule |
Create Custom Rule for Snapshot Specification |
Write Server File System |
Read & Write |
|
Manage Snapshot: Read |
View contents of Snapshot |
N/A |
Read |
|
Manage Snapshot: |
Delete Snapshot results |
N/A |
Read & Write |
|
Manage Audit Policy: Read |
View contents of Audits and Snapshot Specifications |
N/A |
Read |
| Manage Audit Policy: Read & Write |
Create, edit Audit Policy |
N/A |
Read & Write |
| Create Application Configuration Rule |
Write Server File System | Read & Write | |
| Create COM+ Rule | Read COM+ Database | Read & Write | |
| Create File System Rule | Write Server File System | Read & Write | |
| Create IIS Metabase Rule | Read IIS Metabase | Read & Write | |
| Create Windows Registry Rule | Read Server Registry | Read & Write | |
|
Manage Audit Policy: Read & Write Manage Server Module: Read |
Create the following Snapshot Rules: Discovered Software Registered Software Windows .NET Framework Configurations Windows Users and Groups |
N/A |
Read & Write |
|
Manage Audit Policy: and Allow Create Custom Script Policy Rule |
Create Custom Script Rule |
Write Server File System |
Read & Write |
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: