Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Reporting User

Created: 03 Jul 2013 | 6 comments

Is there a way to create a user account that can access log and reporting capabilities, but not have any write/change access to the SEPM console?

Operating Systems:

Comments 6 CommentsJump to latest comment

.Brian's picture

Yes, create whats called a Limited Administrator.

There is an option "View Reports"

http://www.symantec.com/docs/HOWTO80760

About administrator account roles and access rights (Endpoint Protection 12.1.2)

http://www.symantec.com/docs/HOWTO81226

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Following articles may be of help as well:

About administrators

Article:HOWTO55478  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55478

About access rights

Article:HOWTO55041  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55041

Configuring the access rights for a limited administrator

Article:HOWTO55037  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55037
Sumit G's picture

Check the thread comments

https://www-secure.symantec.com/connect/forums/lim...

Hope it help you.

Regards

Sumit G.

AjinBabu's picture

HI, 

About access rights

By default, administrators have access to all features in a single domain. That is, the administrator can view and run reports, manage groups, remotely run commands, manage installation packages, and manage policies for that domain. The administrator can also run reports on all groups in the domain, except for any groups that migrated from Symantec AntiVirus 10.x. You must explicitly configure reporting rights to these migrated groups.

Also, you can grant site rights to administrators to authorize them to fully manage a site, which includes managing the database and servers. When you create a new administrator, the administrator is not authorized to manage sites. You must explicitly grant site privileges to allow the administrator to fully manage sites in a single domain.

By default, limited administrators do not have any access rights. You must explicitly configure reporting rights, group rights, command rights, site rights, installation package rights, and policy rights for this type of administrator.

Note:

Parts of the user interface are not available to limited administrators when you restrict access rights.

Table: Types of access rights

Type of access rights

Description

Reporting rights

For administrators, specifies the server groups that run Symantec AntiVirus 10.x for which the administrator can view reports. Administrators can view all other reports.

For limited administrators, specifies all the computers for which the administrator can run reports. Also specifies the server groups that run Symantec AntiVirus 10.x for which the administrator can view reports.

Group rights

For limited administrators only, specifies which groups the limited administrator can view and manage (full access), can view only (read-only access), or cannot view (no access).

Command rights

For limited administrators only, specifies which commands the limited administrator can run on the client computers. The limited administrator can only run these commands on the clients and groups that they have full access for.

Command rights are only available if reporting rights or group rights are configured for the limited administrator.

Site rights

Specifies the authorization level to manage the selected site. You can choose to authorize full management or no management of the selected site. Additionally, for a limited administrator, you can specify database access privileges and server access privileges for the selected site.

Package rights

For limited administrators only, specifies either read only access or full access to installation packages.

Policy rights

For limited administrators only, specifies which policies and policy-related settings the administrator can manage.

Only allow location-specific editing

For limited administrators only, limits the ability of the limited administrator to create and modify non-shared policies only

Administrators who fully authorized to manage a site can modify the site rights of other administrators and limited administrators, though they cannot modify the site rights for themselves. System administrators must modify site privileges for administrators who are fully authorized to manage a site.

Limited administrators cannot change the site rights of administrators. Limited administrators can change the site rights of other limited administrators with equal or less restrictive site privileges.

Configuring the access rights for a limited administrator

If you add an account for a limited administrator, you must also specify the administrator's access rights. Limited administrator accounts that are not granted any access rights are created in a disabled state and the limited administrator will not be able to log on to the management server.

Note:

Reporting rights are required to integrate Symantec Endpoint Protection Manager with Symantec Protection Center version 1. Ensure that you grant reporting rights to any limited administrators who use Protection Center version 1 to access the Symantec Endpoint Protection Manager console. For more information, see the Help for Protection Center version 1.

To configure the access rights for a limited administrator

1.    In the console, click Admin.

2.    On the Admin page, click Administrators.

3.    Select the limited administrator.

You can also configure the access rights when you create a limited administrator account.

4.    Under Tasks, click Edit Administrator.

5.    On the Access Rights tab, check an option, and then click the corresponding button to set the access rights. Click Help for more information.

6.    If you want to authorize the limited administrator to create only non-shared policies for a location, check Only allow location-specific policy editing.

7.    Click OK.

Regards

Ajin

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Create a limited administrator account and provide reporting rights only.

About administrators
 
 
About access rights
 
 
Configuring the access rights for a limited administrator
 
 
How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.
 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<