Video Screencast Help

7.5 - Organizational group security permissions

Created: 25 Mar 2014 | 15 comments

Can someone point me in the direction of what permission needs to be added to allow helpdesk techs to add computers to organizational groups?

I assume security role manager is right place to do it - is it resources - highlight the organization group - then write permissions? or write resource data?  or am I in the wrong place entirely?

This was working for techs before I had to redo permissions post 7.5 upgrade.  

Thanks for any tips as always

Operating Systems:

Comments 15 CommentsJump to latest comment

Anton_Nejolov's picture

Hi,

You need to uncheck OG's "Write" permission in "System Permissions" section.

Thanks

Sally5432's picture

uncheck write permission?  maybe is that a typo to check it?

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Anton_Nejolov's picture

Of course check! sorry for the typo smiley

Sally5432's picture

I went to Security Role Manager, selected the group techs are in - resources from drop down.

highlighted the OG, selected write permissions under system permissions.

Unfortunately, techs still are unable to move computers to this OG.

:(

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Anton_Nejolov's picture

How you try to add Computers to OG?

Using OG's Add button, or using the other OG and "Add to organizational group" in Righ-click menu?

Sally5432's picture

 using the other OG and "Add to organizational group" in Righ-click menu

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Anton_Nejolov's picture

If you don't have the right-click option, you need to enable role privilege "Add to Organizational Group" under Right-Click menu section.

If it will not help, please tell me detailed steps how you try to add computers and what you see as result.

 

 

Sally5432's picture

Right click is enabled (and grayed out) for add to organizatoinal group.  

This is what tech is doing "all computers-search for computer name-then right click and try to add to organization group from there"

Techs don't get an error, but computers don't show in newly assigned groups. 

Will let you know when/if I figure it out.  Haven't had a chance to check server log viewer when they try it yet.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Anton_Nejolov's picture

Seems that you don't have write permission on "Computer" OG.

Open SRM and verify that write permission is checked for "All Computer" -> Asset -> Network Resource -> Computer" OG. Also check for "Virtual Machine" OG.

Sally5432's picture

I selected the Role, under view what am I supposed to select?  I tried all items, resources, etc.  I'm not seeing how you're getting to ""All Computer" -> Asset -> Network Resource -> Computer" OG"

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Anton_Nejolov's picture

Sorry "All resources" instead of "All Computers". I had no console access at that moment.

Look at the screen for more details.

SRM_connect.jpg

Sally5432's picture

Computer and VM are all set read/write under Default tree structure.

Outside of default, I have my own OG tree structure, the group as a whole has read and write there as well.

 

 

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Brandon's picture

Sally did you ever figure out what permission was needed? I can right click and attempt to move the PC to an OG, but it never moves. The only thing I see in the log is:

No resources are added to org. group {GUID of destination OG}

Sally5432's picture

Nope never figured it out.  It's on my list to revisit if we keep the CMS product arround another year.

---
Don't forget to mark posts as helpful if they are, and mark answers as solutions.

Brandon's picture

I ended up tracking down the permissions to make it work after stepping through the Level1 worker role and narrowing out privileges and focusing on resources. Symantec would have to explain why cloning and change permissions are needed on the default resource OV, but see attached.

resources_perms.png