I was in Spain helping a customer migrate their 7.1 SP1 servers to 7.1 SP2 Rollup 4, and I encountered a strange issue that I am finding, today, on my test servers as well.
The issue, as the title indicates, relates to the Security Role Manager, and was found in one (the reporting server) for my customer. I still need to create a case and send it to our backline / engineering team, but wanted to reserve the primer to Connect.
Now, to be more precise here is how I found the issue on my server (it's slightly different from the customer server - but the root is the same):
- Clone the Symantec Admin role
- Open the Security Role Manager
- Select the "Resources" view, here is what it looked like:
- Click on the pen to limit the role view on the Resource tree:
- Unselected the right granted up-top:
- Save, the left-hand tree view is unmodified:
- Going back to the picker shows us the same selection we made (which is correct) but regardless of the tree selector changes we make - the role still see all resources (in the Security Role Manager and for the user alike).
I have tracked the root cause of this issue to the "New Items Folder", that the role is granted access to and the rights (seen on the tree view) are inherited via the "Resource Management" > "notification Server" entities.
I am working on a work around now (I implemented one at my customer but sadly I did not copy the SQL sources) to strip the role of these inherited rights that are preventing the changes made on the Role Manager to be effective.