Hello,
I'm using ePO 5.9.1.
I have a server task that purges old events, including the server task log and compliance history.
I'm trying to configure a special permission set for a user, so he can run this task without administrator permission.
"Create, edit, view, run, and terminate any Scheduler task; view Scheduler tasks results in the Server Task Log" - for the Server Tasks page isn't enough.
What permission is needed to purge the server task log and compliance history?
Thank you.
Hi ITSec1,
I checked your permission set issue internally; we do not have a specific entry to provide access to purge the server task log.
Reason:
Only the Global admin account has permission for this. It makes sense, as so many things write into the server task log, like run client tasks, automatic response, all server tasks, wakeup calls, etc. If anyone purges the server task log, it means that sometimes it deletes evidence as well. So ePO is designed for this specific purpose. When we do not have a separate entry for the server task log purge permission, we cannot give that permission to any particular group.
So it is working as per design. If you would like to change the way it works, then it will be a PER (Product Enhancement Request).
https://kc.mcafee.com/corporate/index?page=content&id=KB60021
Hi ITSec1,
Additionally, you have to provide access to the Client event and Threat event logs under the permission set. Providing access only to Server task is not enough. You have to provide access to the actions associated with the task. However, if I add "Purge Server Task log" along with the above task, I am not able to run the task from the particular user. Without purge server task log, I am able to run the task.
Let me play around with permission sets and get back to you.
Permissions for Client event and Threat event log - it's obvious.
My problem is permission for:
1. purge server task log
2. purge compliance history
May I know what compliance history you are referring to? Is it a query and report, or are you referring to a specific server task?
Purge compliance history is a built-in server task action; you can find it in the drop-down menu.
This is really interesting. I tested it myself in my ePO. I gave maximum permissions to that specific user, and I still do not get the "edit" or "run" option for the "purge server task log" task. I added the user to Global Viewer/Group Admin and even created a new permission set and provided maximum permissions as well; nothing worked.
@cdinet any idea on this permission set? Do we require any additional privileges?
Moreover, I do not have a built-in Purge compliance history task in my ePO. There are only two built-in tasks, which are:
* Generate Records for McAfee Agent Compliance History Reporting
* VSE: Compliance Over the Last 30 Days
@ITSec1 I will check internally and update you shortly. You may need to log a support ticket to check with Dev.
The rule of thumb you can follow with permission sets is this - if you enable everything possible in a permission set for a non-global admin user and they still can't access a specific function, then that function requires global admin rights. The audit or orion log may show "user does not have permission" entries.