Carbon Copy role and scope security
|Article:HOWTO2752|||||Created: 2006-03-14|||||Updated: 2006-04-18|||||Article URL http://www.symantec.com/docs/HOWTO2752|
A role has been created and members/groups added to the role when attempting to "remotely control with carbon copy" and "insufficient access right" message appears.
There is more than one location where the role must be added that will provide the proper privileges to execute a remote-control function using Carbon Copy. If the role is not added to each of these locations, then access rights will be denied when utilizing Carbon Copy remote control.
The best way to explain the correct process to use role in scope security with the carbon copy solution is to provide an example where we require a specific user to have rights to Carbon Copy remote control only when accessing the Notification Server. Here the steps involved in detail regarding each step:
- The initial step is to create and add the actual role. This can be done by going to the Configuration tab and accessing the folder path Configuration/Server Settings/Notification Server Settings/Item Tasks and selecting security role management. From this location, you will click on the icon to add a new role. Enter the name of the actual role. In this example, we will use Carbon Copy. Next, click on the Add button to add the desired users and/or groups to this role. After the users/groups have been located, click Save and you'll see the role appear. With the role highlighted, choose the desired global privileges from the list below of the Role Management screen. Now that the role has been defined, it is time to add the role to the appropriate folders to allow Carbon Copy remote control for this user/groups associated with the role. Click on the Tasks tab and right-click the tasks folder, select Properties and click Add to add the role just defined. When choosing a role in touching select, you'll see a permission selection window appear, click the desired permissions. Read permissions from the Altiris system permissions will be sufficient in allowing Carbon Copy remote control functionality. Adding the role to the Tasks folder in this section will allow for the role definition to propagate to all of the subfolders below and the functionality associated with them.
- The second location that a role must be added is located in the Configuration tab under the folder path Configuration/Notification Server Settings/Item Tasks and select to remote control with Carbon Copy. Highlight and right-click on the Configuration folder and select Properties. Select the Security tab and click Add to add the role. After touching select, choose the desired permission selections of and click Select after clicking Apply the role has been successfully added and should propagate down to the child objects below, namely, the remotely control with Carbon Copy object.
- After these first two steps had been accomplished and, the user/groups defined to the role should now have privileges to utilize the Carbon Copy remote control function. This can be done by specifying the actual computer name from the Computer Name field of the Carbon Copy Web console. If the user selects the “click to select” link, an "Access Denied Message" will appear. To resolve this particular issue click on the Reports tab and select the folder path of Reports/Incident Management/Carbon Copy and highlight the report Carbon Copy agents by version. Right-click on this report and select properties , again, click the security tab and add the role, select permissions and click Apply. You'll notice that the permissions screen is different than when adding a role to a parent folder as opposed to a child or subfolder. Once this is been done, the user can now select from the resource list.
Article URL http://www.symantec.com/docs/HOWTO2752