UCMDB and UD Practitioners Forum (Previously CMS)
Showing results for 
Search instead for 
Do you mean 

UCMDB 10 Credentials storage as CI attribute

SOLVED
Go to Solution
Valued Contributor

UCMDB 10 Credentials storage as CI attribute

Hello!

 

Customer wants to know if there is a chance to use uCMDB for credentials to be stored and retrived on demand, for their IT security employers.


As i digged the topic i found that there is an option of creating string attribute for any CI with password option.

 

1) But is there a way to set access for different users to different CI's (same type or different) ? So that the owner can also view password, to remind himself or change as it expires.

 

2) Is there a way to hide some attributes on CI from all users except it's owner and dedicated security man?

 

3) Also side question: Are there any directions to manuals and/or best practices on user roles and ownership to CIs?

 

 

Does anyone have practice in field noted in subject?

 

Best Regards

 

3 REPLIES
HPE Expert

Re: UCMDB 10 Credentials storage as CI attribute

In my opinion, this is not such a good idea for several reasons:

1. Permission model for UCMDB is different from standard xNIX approach. There is no owner, group and others. It's based on user/roles.  TomakeCIsinvisibleforsomeusers, multi-tenantneedtobeturnedon. Amountofmaintenance will raise significantly.

2. UCMDB has no option to hide attributes with asterisks. It's possible to hide some attributes from UI, but there is no point to do this if you'll consume this data some day.

3. You could find more details in "Roles Manager Page" in the HP Universal CMDB Administration Guide.

http://support.openview.hp.com/selfsolve/document/KM00245425

 

Regards
-Dmitry Gomel, PMP
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Click the Like button at the bottom to say 'Thanks'.
Valued Contributor

Re: UCMDB 10 Credentials storage as CI attribute

Hello Dmitriy!

 

Thanks for your opinion. I pretty much also think that there is a heavy security backdoor with such a solution. Also there is logical issue that such information is not related to configuration management issues directly.

 

May be you can also promt to me if there is similiar functionality in CM of latest versions?

HPE Expert

Re: UCMDB 10 Credentials storage as CI attribute

CM is based on UCMDB, so nothing to new there.

Please be advised that UCMDB has secured credential storage used by discovery.

It works fine, but I doubt it could be used via UCMDB UI.

 

What is your current solution is? 

Regards
-Dmitry Gomel, PMP
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Click the Like button at the bottom to say 'Thanks'.
//Add this to "OnDomLoad" event