Community Help Hub

ITSec1

Hello,

I'm using ePO 5.9.1.

I have a server task that purge old events, including server task log and compliance history.

I'm trying configure special permission set for user, so he can run this task, without administrator permission.

"Create, edit, view, run, and terminate any Scheduler task; view Scheduler tasks results in the Server Task Log" - for Server Tasks page isn't enough.

What permission is needed to purge server task log and compliance history ?

Thank you.

LKS

Hi ITSec1,

I checked internally your permission set issue, we do not have specific entry to provide access to purge server task log.

Reason :

Only Global admin account have a permission for them. it make sense that so many things write into server task log.... like run client tasks, automatic response, all server tasks, wakeup call, etc… if anyone purges server task log, it means sometimes, it deletes evidence as well. So ePO is designed in this specific purpose. When we do not have separate entry for server task log purge permission, we cannot give that permission to any particular group.

So it is working as per design.. If you would like to change the way it works, then it will be a PER (Product Enhancement Request).

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

View solution in original post

LKS

Hi ITSec1,

Additionally you have to provide access to Client event and Threat event log under permission set. Providing access only to Server task is not enough. You have to provide access to associated action to the task. However if i add "Purge Server Task log" along with above task, am not able to run the task from the particular user. Without purge server task log am able to run the task.

Let me play around with permission sets and get back to you.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

ITSec1

Permissions for Client event and Threat event log - it's obvious.

My problem is permission for:

1. purge server task log

2. purge compliance history

LKS

May i know what compliance history are you referring. Is it a queries and report or are you referring any specific server task.

ITSec1

Purge compliance history is build-in server task action, you can find it on drop down menu.

LKS

This is really interesting. I tested myself in my ePO, i gave maximum permissions to that specific user, still i do not get "edit" or "run" option for "purge server task log" task. I added the user to Global Viewer/Group Admin even created a new permission set and provided maximum permission as well, nothing worked.

@cdinet any idea on this permission set. Do we require any additional privileges.

Moreover i do not have built-in Purge compliance history task in my ePO. There are only two built-in task which is

* Generate Records for McAfee Agent Compliance History Reporting

* VSE: Compliance Over the Last 30 Days

@ITSec1 I will check internally and update you shortly. You may need to log a support ticket to check with Dev.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

ITSec1

credits to: https://community.mcafee.com/t5/ePolicy-Orchestrator/Automate-deploy-agent-using-Query/td-p/632163

LKS

Hi ITSec1,

I checked internally your permission set issue, we do not have specific entry to provide access to purge server task log.

Reason :

Only Global admin account have a permission for them. it make sense that so many things write into server task log.... like run client tasks, automatic response, all server tasks, wakeup call, etc… if anyone purges server task log, it means sometimes, it deletes evidence as well. So ePO is designed in this specific purpose. When we do not have separate entry for server task log purge permission, we cannot give that permission to any particular group.

So it is working as per design.. If you would like to change the way it works, then it will be a PER (Product Enhancement Request).

https://kc.mcafee.com/corporate/index?page=content&id=KB60021

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a Solution" if this reply resolves your query!

View solution in original post

cdinet

The rule of thumb you can follow with permission sets is this - if you enable everything possible in a permission set for a non-global admin user and they still can't access a specific function, then that function requires global admin rights. The audit or orion log may show "user does not have permission" entries.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Re: Permission set for purge server task log and compliance history

Community Help Hub

Join the Community