Video Screencast Help

Altiris Roles and create policies but not distribute

Created: 03 Apr 2013 | 4 comments


Im currently trying to create a role which has the ability to create a policy to distribute a software update, but not be allowed to turn it on (or enable it).

Another user who will have more privilges will the examine the policy to approve it. Once approved the policy will get enabled (turned on) by that other user who has the increased privilges

 any suggestions welcome

Operating Systems:

Comments 4 CommentsJump to latest comment

petr_sanda's picture

I don't think that's possible the way you want it. But let's hear from someone who actually knows the product. If that's somehow possible, I will be interested to read it :)

SK's picture

OK, to do this, you would need to prevent them from being able to specify the target for the policy, as the person who is checking over its configuration should assign the target.

To do this, simply ensure that the role does not have the "Create Resource Targets" management privilege assigned to it. Obviously, the members of that role should not be members of any other role that does have that privilege.

The main reason to do that is because only members of a role that creates a target can see that target, unless of course, you are a symantec Administrator.

Not having the system "Read" permission to the "Enable/Disable Policy" task type is an and/or option to the above.

Connect Etiquette: "Mark as Solution" those posts which resolve your problem, and give a thumbs up to useful comments, articles and downloads.