Video Screencast Help

7.5 SP1 Filter Permissions?

Created: 20 Jun 2014 | 7 comments

Does anyone know what the permissions are or where to change them to allow access for Symantec Level 1 or Level 2 to be able to modify and add filter criteria under Manage Computers? They could do this before SP1 but now they don't have permission. The window opens but none of the options appear, the little spinning wheel just spins. If I make them admins, it obviously populates. Any help would be appreciated.

Operating Systems:

Comments 7 CommentsJump to latest comment

aidangullickson's picture

I too, am wondering about this. Did you ever find out the answer? 

Philippe OUVRARD's picture

Same issue, did you find a solution ?

Igor Perevozchikov's picture


Does "Altiris Log Viewer" show any useful warning/error message about missed permissions for your account from "Level 1" or "Level 2" role, when you're opening "Computers" enhanced console page?

If Log viewer will contains this message, then you will be able to determine what exact permission is required to be enabled to allow access for LeveL x worker.

Set additional privileges to allow appropriate role to create a new filters and save them

  • Open SMP Console ⇒ "Settings" ⇒ "Security" ⇒ "Account Management" ⇒ "Roles"
  • Click on "Symantec Level 1 Workers" role ⇒ enable "Create Filters" in "Management Privileges" section and save changes .


⇒ Now your account(s) from "Symantec Level 1 Workers" role will be able to create and save new filters on "Computers" ecv page.

If you would like to allow more other privileges for accounts from different Level workers role, please check other privileges.


  1. Don't forget that, first you can find an answer for your question in Knowledge base
  2. If answer solves your question, then please mark as solution to close a thread
aidangullickson's picture

I ended up opening a support case with Symantec.  It turned out to be a bug in the upgrade process, when we moved to 7.5 SP1 from 7.5, that broke the Level 1 workers group. They instructed me to create a brand new group, set it at the administrator level, then removed the permissions we didn't want that group to have.  It worked perfectly. 

It did not work to create a new group with no permissions, then build up to the permissions we wanted.  I tried that too. We had to create the group at the administrator level, then remove permissions down to what we wanted.

Philippe OUVRARD's picture


Please check permissions in the "security role manager" (Settings / Security / Permissions),

select your "Role"

select View : "All Items"

in the tree view, Settings / Notification Server / Ressources and Data Class Settings / Data Classes

I think that in the right pane : "ressource Management Persmissions" must be check :

  • Read Ressource Association
  • Read Ressource Data
  • Write Ressource Association
  • Write Ressource Data
rafaelfontana's picture

Igor and Philippe posts helped me a lot. Thanks guys.

Sally5432's picture

I'd be worried about removing permissions from the admin role.  There's all kinds of permissions beyond those checkboxes that aren't always apparent.

I ran into this as well -

Solution was to <<Open Security Role Manager (in the SMP Console, Settings>Security>Permissions). Under “All Items” or “Settings” view, select “Computers” (under Settings>Notification Server>Resource and Data Class Settings>Resource Types>Asset Types>IT), click on “Advanced”. It opens a new window. Add the ‘Symantec Level 2 Workers’ (or whatever your tech group is) and check the box for “Read”. Click ‘Save Changes’ and close the window.>>

Hope this helps.

Don't forget to mark posts as helpful if they are, and mark answers as solutions.