AnsweredAssumed Answered

Tagging: Business Units/Asset Groups/Permissions

Question asked by Paul Field on Jun 25, 2013

Hello,  I hope I explain myself well enough to understand. 

 

My Problems

1) To remove the need for business units while still managing permissions.

2) To automate new devices to append to an asset group, tag, or both.

3) To keep concurrent across all VM and Tagging services e.g. Reports, Remediation, Asset Group Tags

 

Details

1) Changes in Business unit (BU) personnel has led to restrictions in permission levels.  Some asset groups (a BU needs to administer) were created by an 'Unassigned' admin.  The result is that these new BU managers cannot administer these asset groups.  Only current solution I can see is to delete the asset groups and have the BU re-create them.  It this my only solution?

Ideally I would love to be able to apply permissions to Tags, to be more specific, the 'Asset groups' tag (and sub tags).  This way, I could re-schedule the scans for 'Asset group Tags' and not Asset Groups, while the BU personnel manages the tags they have been given permission to.  Is permissions to be add to Tags?

 

2) NO MORE MAPS.  Would like to run a light scan and apply devices to a tag, based on a criteria (e.g. add to asset group tag if has certain name or netblock range).  This would remove the need for manually adding devices to an asset group from a map.

The limitations I can see is that currently, if you add a device to an 'Asset Groups' tag, it does not replicate to the main VM asset group Assigned IP list.  This would cause no end of problems with the current setup as some of the VM services are still reliant on Asset Groups, e.g. Authentication and Remediation.  Is the asset group tag replication being looked at, and is there work in the pipeline to apply tagging to auth and rem services?

 

3) As explained above.  It does not look to be concurrent between the Taging interface and the VM interface. Is this correct?

 

Characteristics of my Effective service goal

After recreating BU asset groups to manage permissions, I would like to light scan a domain - append the new devices to an 'asset groups' tag.  The device must replicate to the corresponding VM Asset Group Assigned IP list so authentication and remediation are not affected - Scan - Report on tags and Remediate based on VM Asset Group.

 

Characteristics of my Mature Service goal

I would like to light scan a domain - append the new devices to a pre defined tag criteria with preset permissions applied. - Scan using an authentication record with tags applied - Report and Remediate based on Tags..

 

All opinions welcome

Outcomes