Different user permissions with ePO report database

[Eyas]

Hi

I just wanted to check whether anyone knows of a way to set different permissions for different users in the report database. The scenario is as follows:

We are running ePO in an enviroment with many different sites. Every site has different administrators. Now we would like a certain administrator to be able to access the report database (SQL 7 on a different server) but only get access to data from his/her own site. Does anyone know if it is possible and in that case, how it can be done? My guess is that it can't be done.

Other innovative ideas to solve the problem is also welcome.

T.I.A.

/Eyas

 

[AVDude]

Hi

As long as your administrator can access the ePO console you can in ePO set up reviewers for each site.

Log in to your ePO and click on Manage Administrators.

Choose either a reviewer or a site reviewer and make a new login.

This means that when logging in to the console and only have site reviewer rights they will only see report data for the site in question.



Cheers
AVDude

 

[Eyas]

Great, THX

 

[Eyas]

Hi, Need some help with the config as above. We are running our report database on another server than the one running our ePO-server. The report database is an SQL 2000.

According to the discribtion above you should be able to connect to the SQL with the site reviewer userID. My guess is that you select the ePO auth. then logging in on the SQL but I always get thrown out from the ePO when I try.

Another question. The option HTTP port when choosing ePO auth. Is this the agent communicaion port or what? I'm running standard settings on those but can't connect to port 81.

Thankfull for any help.

 

[AVDude]

Hi

How do you normally, with your admin account, log into the report database? Do you use NT, ePO or SQL verification?
I have the SQL on the same server so I dont really have any experiense with separate SQL.
I'll guess that you need to use SQL authentication if your SQL are setup that way. How would you outside of ePO connect to your SQL?

The port 81 (default in ePO) are the communication port for the console.

From the manual:

Select Use an existing database on the network if you want to use an MSDE or SQL Server database you previously installed on the network.

This option is always available.

Selecting this option also makes the network computer list, User Name and Password boxes available for input, and the SQL Server Account and NT Account options available for selection.

– Select or enter the computer you installed an MSDE or SQL
Server database on. If you have MDAC 2.1 or later installed, the network computer list shows computers with database servers in the current domain. If your database server is not in this list, you can enter it manually.

– Select SQL Server Account if you set up your MSDE or SQL
Server 7 database to use SQL authentication. If you select this option you must enter a valid user name and password for the database.

– Select NT Account if you set up your MSDE or SQL Server 7
database to use NT authentication. Selecting this option also makes the Domain box available for input. If you select this option you must enter a valid domain, user name, and password.

NOTE: To use the SQL Server database on a computer in a
domain that is different from where the ePolicy Orchestrator
console is located, you must configure your SQL connection to use TCP/IP rather than Named Pipes.

Hope this helps.

Cheers
AVDude

 

[Eyas]

Hello

Unfortunatlly it didn't help but thx anyway. We've configured the SQL server so it can use both Named pipes and TCP/IP. Normally I have to connect with SQL auth. If I use NT auth. I gain access to the server but can't se any reports. When I click on an report I get "error generating the report" instead of the report.

FYI: The ePO and the SQL are on different domains. Why make it simple?? No fun in that.

/Eyas

 

[AVDude]

Hi

Hm.. I'll guess that the account you installed ePO with have rights on the SQL in the other domain?

Do you have any perticular reason to have the database in another domain?
If I where you I would go the easy way and have the SQL or MSDE in the same domain.

But that's just me



Cheers
AVDude

 

[Eyas]

Hi.

The account has the necessary rights in both domains. The reason for doing it hte hard way is simply that we have the database server in a more secure domain than we have the ePO server. It's not exactly the KISS-solution but unfortunatly thats what I got to work with. It's all down to money these days ;-)

A well, I guess we'll have to do with the solution at hand. No real biggy though but thanks for your help.

/Eyas

 

[AVDude]

Hi

You could use MSDE that comes with ePO, unless you have more than 10 000 nodes. No extra cost there ;-)

Of course you miss all the extra features in SQL like incremental backup and all that, but the way I see it...
Reports on your AV environment are crucial thing these days.

My 0.02€

Cheers
AVDude