KNOWN ISSUE: Disabling ''Enable policy'' permission is not respected for the Security Roles

Article:TECH122137  |  Created: 2010-02-17  |  Updated: 2011-02-10  |  Article URL http://www.symantec.com/docs/TECH122137
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



In the Security Role Manager, there is section of permissions titled "Policy Permissions".  This section has two permissions, "Enable Policy" and "Apply to Resource Target".  

 


From what the customer noticed "Enable Policy" never functions as expected and always allows any user the ability to enable any policy even though it is unchecked.

 

Here is an example of this issue (provided steps to duplicate):

 

The 'Enable policy' permission' for 'Altiris Agent Settings - Targeted' page(inherited from any parent folder) appears to have no effect on whether or not 
a role can disable/enable a policy in this page. Furthermore, when I removed the 'Write' permission to this page, I can still enable/disable the policies 
and click the greyed out 'save changes' button in the UI, but doing so will cause a 'The User does not have required permission to save item...' server 
error. 

Steps to duplicate:
1. Go to settings >  Security > Role and clone the Symantec Administrator role
2. Open the Security Role Manager for the cloned role, and select 'Settings' in the View dropdown
3. In the Root folder 'Settings', disable the permission 'Enable Policy' and 'Write'; the 'Altiris Agent Settings - Targeted' page should inherit these permissions.
4. Log in to NS as a user with the cloned security role.
5. Navigate to Settings > Agents/Plug-ins > Targeted Agent Settings
6. select a policy from the left menu, all fields should be greyed out, but the policy on/off switch is still enabled. 
7. Turn on a policy and click 'Save Changes'


Environment



Symantec Management Platform 7.0.7270 SP3


Cause



Known Issue.


Solution



This issue has been fixed with SMP 7.0 SP5


Supplemental Materials

ValueETK 1593317
Description

Logged in Etrack (Symantec) database


Legacy ID



51482


Article URL http://www.symantec.com/docs/TECH122137


Terms of use for this information are found in Legal Notices