Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Question on privileges and permissions

Created: 19 Dec 2012 • Updated: 21 Dec 2012 | 4 comments
This issue has been solved. See solution.

Hey folks,

NS 7.1

I have a requirement and I am not sure what the best way to go about it is.  We'd like to have some quick delivery tasks that are not available to one particular role (desktop support).  For this role, I've cloned and modified the Level 2 workers. 

My first thought was to create new folder inside Jobs and Tasks > System Jobs and Tasks > Software called "SysAdmin" and then I would use Security Role Manager to remove permissions to the newly created directory.  Unfortunately, the new folder is not visible in the left pane and thus I cannot restrict permissions. 

My Google searching turned up this fine link: 

https://www-secure.symantec.com/connect/forums/altiris-management-scope-permissions#comment-6290491

But I'm afraid it's not helping me.

Suggestions for a better solution, or tips for getting this working would be most appreciated.

Thanks!

gesturgis

Comments 4 CommentsJump to latest comment

Dmitri Dragunov's picture

Hi,

If some Item is not visible in the left pane of the Security Role Manager for selected role, then this item will not be visible for users from this role in console.
 
If you want to add it and restrict some permissions you should click edit button(pencil on the bar) and select items which you want to show to users from this role. And only after that you may add or remove some permissions from selected items.
 
Note: do not forget about Inherited permissions. If you want to remove some of them you should remove it from parent item first.

Regards,

Dmitri

gesturgis's picture

This is not making sense to me.  When I view the role in Security Role Manager, I do not see the new folder that I created in Jobs and Tasks > System Jobs and Tasks > Software, yet when I log onto the Console as a user in that role, I do see the folder. 

I've turned off inheretance at the Software folder.

What could be going on here?

Dmitri Dragunov's picture

Does your account which you are using for modifying the custom role belongs to Symantec Administrators role?

Also please verify that you user do not belongs to another role which has access to see that folder. Open Settings -> Security -> Account Management -> select Accounts in the left panel -> select account in the list on the middle of the page -> open Member Of tab in the right side of the page.

After that verify all that roles from the list in the Security Role Manager, I guess that some of them, has access to this folder. Then why you can see this folder when you log onto the Console as a user from the custom role.

SOLUTION
gesturgis's picture

Yes!  Thanks Dmitri.  The test user also had the Tier 1 role (from an earlier testing attempt).