Insufficient security

Within the ITNCM-Compliance application, users are bound by ITNCM - Base based permissions, such as the corrective actions they can trigger from the compliance violation queue.

As a requirement, ITNCM-Compliance needs to have at least one user with full approval rights. This means they must have access to the "Manage Work" activity in the ITNCM - Base account administration (this activity allows a UOW to be processed automatically). The reason for this is auto-approval of command sets, and the procedure for sending show commands. It is deemed acceptable for Remedial command set work to be queued up, however show command work may not be.

There are problems associated with having insufficient security to execute remedial command sets. If a user does not have access to the "execute direct commands" activity in the ITNCM - Base account administration (this activity is used for running command sets), ITNCM-Compliance shall pass the command set into ITNCM - Base, where it will sit in the approval queue as a UOW until someone who has the appropriate access approves it. The command set will receive a corresponding UOW ID in ITNCMCompliance, which will be used to identify it, and used also to listen for the UOW to return.

See the ITNCM User Guide for more information about the functioning of the approval queue.