The 5.7.1 Release Notes state one can disable the Global Search within the Web Console.
How can one disable this on a per user based on their respective Roles within Foglight?
Example1: Disable global search for everyone
Start FMS with switch -Dcom.quest.wcf.disableGlobalSearch=true
Example2: Only allow Advanced Operators to use global search
Step 1 – Revoke permission from Console Users and grant to Advanced Operators (using groovy code below with either the script console or fglcmd –cmd scipt:run) Note the def newRoleWithGlobalSearch section below.
import com.quest.nitro.service.security.core.SecurityConsts;
def securitySrv = server.SecurityService;
def defaultRoleWithGlobalSearch = securitySrv.findRoleByName("Console User");
securitySrv.setResAceByIds(SecurityConsts.SEC_RES_UUID_ACTION_GLOBAL_SEARCH, defaultRoleWithGlobalSearch .getId(), 0, true,"Console user role disallowed to do global search");
def newRoleWithGlobalSearch = securitySrv.findRoleByName("Advanced Operator");
securitySrv.setResAceByIds(SecurityConsts.SEC_RES_UUID_ACTION_GLOBAL_SEARCH, newRoleWithGlobalSearch.getId(), 1, true,"Advanced Operator role allowed to do global search");
Step 2 – Assign the role Advanced Operator to users and groups and let them logout/login
Step 3 - Direct an Advanced Operator user to test whether they can see global search
Example3: Only allow users with a newly created Role to use global search
Step 1 – Create a new role TestRole in the Users and Security dashboard (in your case you might be using a custom role already for dashboard access management, use its name going forward).
Step 2 – Revoke permission from Console Users and grant to TestRole (using groovy code below with either the script console or fglcmd –cmd scipt:run). Note the def newRoleWithGlobalSearch section below.
import com.quest.nitro.service.security.core.SecurityConsts;
def securitySrv = server.SecurityService;
def defaultRoleWithGlobalSearch = securitySrv.findRoleByName("Console User");
securitySrv.setResAceByIds(SecurityConsts.SEC_RES_UUID_ACTION_GLOBAL_SEARCH, defaultRoleWithGlobalSearch .getId(), 0, true,"Console user role disallowed to do global search");
def newRoleWithGlobalSearch = securitySrv.findRoleByName("TestRole");
securitySrv.setResAceByIds(SecurityConsts.SEC_RES_UUID_ACTION_GLOBAL_SEARCH, newRoleWithGlobalSearch.getId(), 1, true,"TestRole role allowed to do global search");
Step 2 – Assign the role TestRole to users and groups and let them logout/login
Step 3 - Let a user with assigned TestRole test whether they can see global search
