How do I troubleshoot permission conflicts? (NETIQKB47161)

  • Document ID:7747161
  • Creation Date:02-Feb-2007
  • Modified Date:08-Sep-2008
    • Micro Focus Products:
      Secure Configuration Manager

Resolution

goal
How do I troubleshoot permission conflicts?

fact
NetIQ Vulnerability Manager 5.0

fact
NetIQ Vulnerability Manager 5.5

fix

Console users receive permissions from assigned roles as well as individual permissions you explicitly allow or deny.  Permissions explicitly assigned to a console user override permissions implicitly granted through roles.

The following table shows how the default permissions are applied in response to particular permission settings.  Use this table to help you identify and resolve permission conflicts and inheritance.

_____________________________________________________________________________________________
 If you assign . . .                                                                                      Permission is set to . . . _____________________________________________________________________________________________

No permissions                                                                                                  Deny

One or more permissions that allow the same activity                                     Allow

One or more permissions that deny the same activity                                     Deny

One permission that allows the activity and another permission                      Deny
that denies the same activity

One or more permissions set on a category of tasks, reports                          Allow or deny each task, report, or action in the
or actions                                                                                                           category

One or more permissions set on a group of endpoints                                      Allow or deny activities fo.
r each endpoint in the 
                                                                                                                           group

One or more permissions set on a group of endpoints that                              Allow or deny activities for each endpoint in
contain the same endpoint                                                                                the parentgroup

Conflicting permissions set on two or more groups that contain                       Deny
the same endpoint

Two or more roles that contain conflicting permissions for the                         Deny
same activity

.


note
If you assign permissions to a group of endpoints, and then later add a child group, those permissions are applied to the endpoints in the child group.

note
If you assign permissions to one or more activities in a category, and then later assign additional permissions to the entire category, both sets of permissions are applied.  If the permissions assigned to the category conflict with the permissions assigned to the activities,  the permissions assigned to the category get applied.

note
This information is also in Chapter 6 of the NetIQ Vulnerability Manager5.0 User Guide and Chapter 5 of the NetIQ Vulnerability Manager 5.5 User Guide.

Additional Information

Formerly known as NETIQKB47161