Questions on Restrict permissions for CMDB model hardening setting

Rain Vaine
Kilo Sage

Hello experts,

While browsing and investigating on the security hardening settings, it seems that the 'Restrict Permissions for CMDB Model' security center hardening is compliant even though there is nothing configured to it. See below:

RainVaine_0-1719893682984.png


When I also verified on the properties, I cannot find that property and the plugin mentioned is also not installed,

RainVaine_1-1719893724517.png

RainVaine_2-1719893740421.png

Do anyone of you know why does it show as compliant even though there is nothing configured?
I can see that this behavior is existing also in a number of PDI's

 

Regards,
Vaine



3 REPLIES 3

Slava Savitsky
Giga Sage

The recommendation is to set that property to true IF the plugin is active. If the plugin is not active, the property does not make any difference, so in that case you are compliant regardless of its existence and/or value.

Hello,
But there is an instance in Vancouver PDI with SC in 1.2.0 version with that same setting, the plugin is not active and the property is not visible, it display as non-compliant.

RainVaine_0-1719992538893.pngRainVaine_1-1719992558052.png

RainVaine_2-1719992565506.png

Regards,
Vaine



Note that in this instance there is no IF clause in the description of the setting, which suggests it uses a different logic for evaluation of compliance/non-compliance. Is this instance on the same version as the other one?