Video Screencast Help
Search Video Help Close Back
to help

Inventory for decentralized staff

Created: 05 Feb 2013 | 2 comments
msgood's picture
msgood Accredited
0 0 Votes
Login to vote

I support a campus that has both centralized and decentralized staff.  Our heirarchy of groups is based on location.  Location is determined by IP address.

Is it possible to create a security group and give them only the ability to assign owners to a system in their group?

 

 

Discussion Filed Under:
, , ,
Group Ownership:

Comments 2 CommentsJump to latest comment

luke.s's picture
luke.s Partner
Inventory for decentralized staff - Comment:05 Feb 2013 : Link

Hi msgood,

You will find some best practices to do this security configuration on this tech: http://www.symantec.com/docs/TECH188388

The section Solution contain the general steps.More information about configuring security for the Symantec Management Platform can be found in its user guide starting on in Chapter 4: Configuring security, page 69:

Symantec Management Platform 7.1 SP2 User Guide
http://www.symantec.com/business/support/index?page=content&id=DOC4730
 
Regards,

If the suggestion has helped to solve your problem, please mark the post as a solution.

Fábio Sanches
Altiris Consultant | Skip Services | www.skipservices.com.br

0
Login to vote
mclemson's picture
mclemson Trusted Advisor Partner Accredited
Inventory for decentralized staff - Comment:06 Feb 2013 : Link

If Locations were created based on IP address, then you already have an Organizational View (Assets by Location) that you can use.

  1. Create a role that performs the actions you want it to perform (and can't perform others)
  2. Assign the role to a test user
  3. Test the role
  4. Edit the role through Security Role Manager; select Resources, then edit.
  5. In the Assets by Location view, uncheck any locations you do not want that role to have access to
  6. In the Default Organizational View, uncheck Computers at All Resources > Assets > Network Resources > Computers
  7. Uncheck any view other than the Assets by Location view and Default view, so that only the Assets by Location and Default views are providing resource access for this role
  8. Test the role
  9. Pilot the role with one or more users for this location/region
  10. Tweak as needed
  11. Clone role, remove users, add test user, and tweak the selections in Assets by Location to do this for the following regions

Does this help?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

0
Login to vote