2 results found

1. Role-based access control (RBAC)

   Regulate access to various functionality based on user roles and permissions. This would include granular access to capabilities such as:

   • Logon to KBE
   • Access to specific production images
   • Server/workstation roles
   • Samba share access
   • Differentiate between access to deploy images, and access to log into connected machines as an admin.
   272 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   planned  ·  30 comments  ·  New Features  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

2. Object History tracking for security auditing

   The KACE SDA currently has no way to audit changes made to any imaging-related objects, including:

   • KBEs
   • System images
   • Pre/Mid/Post install tasks
   • Task Groups

   Coupled with the "all or nothing" approach to permissions in the SDA, this creates an information gap that results in a security concern: how do you know what object or setting change was made, when it was made, and who made it?

   Consider the worst case scenario: a disgruntled SDA Admin on their final day at the company adds a malicious script or application to a post-install task.

   The risks that come with the current model:

   1 - If you have more than one person in the image administration role, there is no way to prove accountability for this act of sabotage.

   2 - If the change is not noticed immediately, there is no way to understand how far back it occurred and therefore no way to assess the true impact in terms of how many systems were imaged with the new configuration.

   The KACE SMA has this functionality in the form of the Object History. Let's add it to the KACE SDA as well so that we can cover our security concerns there as well.

   The KACE SDA currently has no way to audit changes made to any imaging-related objects, including:

   • KBEs
   • System images
   • Pre/Mid/Post install tasks
   • Task Groups

   Coupled with the "all or nothing" approach to permissions in the SDA, this creates an information gap that results in a security concern: how do you know what object or setting change was made, when it was made, and who made it?

   Consider the worst case scenario: a disgruntled SDA Admin on their final day at the company adds a malicious script or application to a post-install task.

   The risks that come with the current model:

   … more

   57 votes

   Vote Vote Vote

   Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   1 vote 2 votes 3 votes Remove votes

   You have left! (?) (thinking…)
   planned  ·  0 comments  ·  New Features  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close