Video Screencast Help
Endpoint Management Community Blog

Security Role Manager: Assignment on the Tree Selector Are Not Reflected on the Tree View...

Created: 09 Oct 2012 • Updated: 09 Oct 2012 • 1 comment
Ludovic Ferre's picture
0 0 Votes
Login to vote

I was in Spain helping a customer migrate their 7.1 SP1 servers to 7.1 SP2 Rollup 4, and I encountered a strange issue that I am finding, today, on my test servers as well.

The issue, as the title indicates, relates to the Security Role Manager, and was found in one (the reporting server) for my customer. I still need to create a case and send it to our backline / engineering team, but wanted to reserve the primer to Connect.

Now, to be more precise here is how I found the issue on my server (it's slightly different from the customer server - but the root is the same):

  • Clone the Symantec Admin role
  • Open the Security Role Manager
  • Select the "Resources" view, here is what it looked like:

  • Click on the pen to limit the role view on the Resource tree:

  • Unselected the right granted up-top:

  • Save, the left-hand tree view is unmodified:

  • Going back to the picker shows us the same selection we made (which is correct) but regardless of the tree selector changes we make - the role still see all resources (in the Security Role Manager and for the user alike).

I have tracked the root cause of this issue to the "New Items Folder", that the role is granted access to and the rights (seen on the tree view) are inherited via the "Resource Management" > "notification Server" entities.

I am working on a work around now (I implemented one at my customer but sadly I did not copy the SQL sources) to strip the role of these inherited rights that are preventing the changes made on the Role Manager to be effective.

Comments 1 CommentJump to latest comment

Ludovic Ferre's picture

I found a clean solution - I probably will document it with screen shot a little later, but herre is the text (Short) information:

On the Security Role Manager, select the tree that is granted right it should not have. Normally it's the top-most entry. Click the Advanced button on the permission view, at the right of the pane. Select the role and remove the inherited permissions. Do not copy the permissions when the pop-up asks you if you should copy or delete the permissions.

Abnd this is it. The tree view should then show what is configured in the tree picker.

I am currently off-net, on a retreat of some kind. I'll be back real soon, and you sure will hear from me then ;-).

Ludovic FERRÉ
Principal Remote Product Specialist

Login to vote