Client Management Suite

 View Only

  • 1.  Question on privileges and permissions

    Posted Dec 19, 2012 06:21 PM

    Hey folks,

    NS 7.1

    I have a requirement and I am not sure what the best way to go about it is.  We'd like to have some quick delivery tasks that are not available to one particular role (desktop support).  For this role, I've cloned and modified the Level 2 workers. 

    My first thought was to create new folder inside Jobs and Tasks > System Jobs and Tasks > Software called "SysAdmin" and then I would use Security Role Manager to remove permissions to the newly created directory.  Unfortunately, the new folder is not visible in the left pane and thus I cannot restrict permissions. 

    My Google searching turned up this fine link: 

    https://www-secure.symantec.com/connect/forums/altiris-management-scope-permissions#comment-6290491

    But I'm afraid it's not helping me.

    Suggestions for a better solution, or tips for getting this working would be most appreciated.

     

    Thanks!

     

    gesturgis

     

     



  • 2.  RE: Question on privileges and permissions

    Posted Dec 20, 2012 09:08 AM

    Hi,

     

    If some Item is not visible in the left pane of the Security Role Manager for selected role, then this item will not be visible for users from this role in console.
     
    If you want to add it and restrict some permissions you should click edit button(pencil on the bar) and select items which you want to show to users from this role. And only after that you may add or remove some permissions from selected items.
     
    Note: do not forget about Inherited permissions. If you want to remove some of them you should remove it from parent item first.

    Regards,

    Dmitri



  • 3.  RE: Question on privileges and permissions

    Posted Dec 20, 2012 12:19 PM

    This is not making sense to me.  When I view the role in Security Role Manager, I do not see the new folder that I created in Jobs and Tasks > System Jobs and Tasks > Software, yet when I log onto the Console as a user in that role, I do see the folder. 

    I've turned off inheretance at the Software folder.

    What could be going on here?



  • 4.  RE: Question on privileges and permissions
    Best Answer

    Posted Dec 21, 2012 04:21 AM

    Does your account which you are using for modifying the custom role belongs to Symantec Administrators role?

    Also please verify that you user do not belongs to another role which has access to see that folder. Open Settings -> Security -> Account Management -> select Accounts in the left panel -> select account in the list on the middle of the page -> open Member Of tab in the right side of the page.

    After that verify all that roles from the list in the Security Role Manager, I guess that some of them, has access to this folder. Then why you can see this folder when you log onto the Console as a user from the custom role.

     



  • 5.  RE: Question on privileges and permissions

    Posted Dec 21, 2012 12:24 PM

    Yes!  Thanks Dmitri.  The test user also had the Tier 1 role (from an earlier testing attempt).