Permissions for BigFix Query

Access to BigFix Query is controlled in the same way as access to other WebUI applications, as described in Permission Effects in the WebUI.

Operators who have access to BigFix Query can:
  • See the Query menu item in the Content menu.
  • See the Query button on the Overview and Device document pages.
  • Access the Query landing page directly by using the URL.
Master Operators can use the BigFix Console to do the following tasks:
  • Set the Custom Content permission to assign Content Creator privileges.
  • Set the Can Submit Queries permission to specify which operators can run queries.
  • Create custom sites to share queries.
  • Assign operator permissions to access the content of a custom site.

Can Submit Queries Permission

The Can Submit Queries permission is an operator-specific or role-specific setting. It controls whether an Operator's request can be submitted to the REST API that supports queries. Because processes other than the BigFix Query also submit such requests, a REST-specific setting for operators is used. This is how the Can Submit Queries permission works:
  • When Can Submit Queries is set to Yes an Operator who submits a query can receive results.
  • When Can Submit Queries is set to No an Operator who submits a query does not receive results. Instead the error message is displayed: The logged in user is not allowed to submit queries.

For more information about configuring BigFix Query optional settings and using its REST API’s, see Getting client information using BigFix Query in the BigFix Platform Configuration Guide. Administrators might be interested in learning how to set query time-out limits for Master Operators and Non-Master Operators.

Custom Content Permission

From BigFix Query Release 2 onwards, and depending on the value assigned to the Custom Content permission, the following types of Non-Master Operator can access the BigFix Query:
Content Creators
They are Non-Master Operators for which the Custom Content permission is set to Yes.
A Content Creator can:
  • Create query categories. Categories are used to group queries.
  • Load sample queries.
  • Create custom queries. Queries must be saved in at least one category.
  • Create or edit parameters in custom queries.
  • Edit the following query information:
    • Title of the query, which is not case-sensitive.
    • Categories and the site to which the query is saved.
    • Description of the query.
    • Relevance expression.
They are Non-Master Operators for which the Custom Content permission is set to No.
Operators can select and run queries belonging to custom sites that they are allowed to access. They can: :
  • Filter queries by categories.
  • Search queries by title.
  • View the descriptions of a query and edit the value of the parameters. Operators use parameters to assign a value to a variable in the query when the query is run. Values assigned to parameters at runtime are not persistent.
  • Select the target devices where to run the query. Targets can be individual devices, manual groups or dynamic groups.
  • Run the query and see the results, if Can Submit Queries is set to Yes.
  • Save the query results to a file.
Operators cannot:
  • See the Relevance expression specified in the query.
  • Save, delete or edit a query.

For more information about how to set the Custom Content permission, see Adding Local Operators.