Configure 'Read only' access to hosts in Privileged User Manager GUI

  • 7013052
  • 15-Aug-2013
  • 15-Aug-2013

Environment

NetIQ Privileged User Manager

Situation

Administrator wants to grant 'Read only' access to the Host Console within the Privileged User Manager GUI.

Resolution

To configure 'Read only' access, complete the following three steps:

First, edit the /opt/novell/npum/service/local/admin/server.def adding

Before:
<Console name="servers" icon="servers/icon.swf" role="unifi.admin" pos="10">
  <Title>Agent Console</Title>
  <Description>Novell Privileged User Manager Agent Management</Description>
  <Package name="servers-2-3" version="2,3,0,2" build="75" rev="23017" rel=""/>
  <Uninstall>die "Operation not allowed";</Uninstall>
  <Depends>
    <Module name="admin" version="2,1,6,0"/>
  </Depends>
</Console>

After:
<Console name="servers" icon="servers/icon.swf" role.0="unifi.admin" role.1="unifi.read" pos="10">
  <Title>Agent Console</Title>
  <Description>Novell Privileged User Manager Agent Management</Description>
  <Package name="servers-2-3" version="2,3,0,2" build="75" rev="23017" rel=""/>
  <Uninstall>die "Operation not allowed";</Uninstall>
  <Depends>
    <Module name="admin" version="2,1,6,0"/>
  </Depends>
</Console>

Second, within the NPUM GUI, select 'Framework User Manager' and create a new group (example: 'Read Only Hosts'). Modify the group and add the following Roles:

Module    Role
unifi     info
unifi     read

Third, assign the desired user to the new 'Read Only Hosts' group. 


If the user attempts to make configuration changes within the Hosts console, the following alert is displayed: "You are not authorized to perform this operation"

Additional Information

Note: Any manual changes to the server.def file will be overwritten when an NPUM patch is applied.
After patching, you will need to re-apply the changes made to server.def.
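
One way to confirm after a patch that the edit is still in place is shown below. This is an added example, not NetIQ's code. It assumes the `<Console name="servers" ...>` opening tag sits on a single line, as in the snippet above. The function name `check_readonly_role` is hypothetical, and the demo files are constructed copies of the Before/After opening tags.

```shell
#!/bin/sh
# Added example: report whether the "servers" console in server.def still
# carries the read-only role after an NPUM patch.
# Assumption: the <Console name="servers" ...> opening tag is on one line.

SERVER_DEF_DEFAULT=/opt/novell/npum/service/local/admin/server.def

# check_readonly_role [FILE]
#   returns 0: a role.N="unifi.read" attribute is present on the servers console
#   returns 1: console found, read role missing (edit absent or overwritten)
#   returns 2: file unreadable or servers console not found
check_readonly_role() {
    def_file=${1:-$SERVER_DEF_DEFAULT}
    [ -r "$def_file" ] || { echo "cannot read $def_file" >&2; return 2; }

    # Take the first opening tag of the servers console only.
    tag=$(sed -n '/<Console name="servers"/{p;q;}' "$def_file")
    [ -n "$tag" ] || { echo "no servers console in $def_file" >&2; return 2; }

    if printf '%s\n' "$tag" | grep -Eq ' role\.[0-9]+="unifi\.read"'; then
        echo "OK: read-only role present in $def_file"
        return 0
    fi
    echo "MISSING: re-apply the role.0/role.1 edit to $def_file"
    return 1
}

# Demo on constructed copies of the Before/After opening tags from this page.
demo_dir=$(mktemp -d)
printf '%s\n' '<Console name="servers" icon="servers/icon.swf" role="unifi.admin" pos="10">' \
    > "$demo_dir/before.def"
printf '%s\n' '<Console name="servers" icon="servers/icon.swf" role.0="unifi.admin" role.1="unifi.read" pos="10">' \
    > "$demo_dir/after.def"

check_readonly_role "$demo_dir/after.def"  || true
check_readonly_role "$demo_dir/before.def" || true
```

Called with no argument, the function checks the server.def path given in the first step.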