When using the Software License Monitoring web console (LDMS 9.6 SP1) with a LDMS user that has been associated to a single scope that include just a certain type of devices, however this user can see all the installed products in all the devices in all the scopes. Also this user is able to see all the computer groups defined in SLM even if these computer groups have been created with queries where this user does not have access because the queries are owned by other users and are not set as public. From my point of view this is a hole in the SLM console security that makes SLM console unfit to be used in a multisite environment where administration is decentralized. Also this is inconsistent with the defined security in the LDMS Windows console where a user is supposed to have acces only to the information assigned to his scope and to the queries he owns only.
For Instance:
The user "USR1" (not an LDMS administrator) has been assigned the scope "ANDROID"
And the only query he owns is the query "ANDROID" that selects only devices with Android OS:
But strange enough, when this user logs in the SLM console he can see all the SLM "Installed Products" for all the registered devices in the LDMS inventory db, whether the product OS is Android, windows or whatever..
Moreover he is also able to select from computer groups any computer group he choses even if those groups has been created from a LDMS query that USR1 does not owns.:
As I said before this is really a lack of security in the SLM console and makes this console pretty useless in a distributed environment where administration of devices and software licenses needs to be keep separate.
Any ideas on how to overcome this issue?