HI,
About access rights
By default, administrators have access to all features in a single domain. That is, the administrator can view and run reports, manage groups, remotely run commands, manage installation packages, and manage policies for that domain. The administrator can also run reports on all groups in the domain, except for any groups that migrated from Symantec AntiVirus 10.x. You must explicitly configure reporting rights to these migrated groups.
Also, you can grant site rights to administrators to authorize them to fully manage a site, which includes managing the database and servers. When you create a new administrator, the administrator is not authorized to manage sites. You must explicitly grant site privileges to allow the administrator to fully manage sites in a single domain.
By default, limited administrators do not have any access rights. You must explicitly configure reporting rights, group rights, command rights, site rights, installation package rights, and policy rights for this type of administrator.
|
Note:
|
Parts of the user interface are not available to limited administrators when you restrict access rights.
|
Table: Types of access rights
|
Type of access rights
|
Description
|
|
Reporting rights
|
For administrators, specifies the server groups that run Symantec AntiVirus 10.x for which the administrator can view reports. Administrators can view all other reports.
For limited administrators, specifies all the computers for which the administrator can run reports. Also specifies the server groups that run Symantec AntiVirus 10.x for which the administrator can view reports.
|
|
Group rights
|
For limited administrators only, specifies which groups the limited administrator can view and manage (full access), can view only (read-only access), or cannot view (no access).
|
|
Command rights
|
For limited administrators only, specifies which commands the limited administrator can run on the client computers. The limited administrator can only run these commands on the clients and groups that they have full access for.
Command rights are only available if reporting rights or group rights are configured for the limited administrator.
|
|
Site rights
|
Specifies the authorization level to manage the selected site. You can choose to authorize full management or no management of the selected site. Additionally, for a limited administrator, you can specify database access privileges and server access privileges for the selected site.
|
|
Package rights
|
For limited administrators only, specifies either read only access or full access to installation packages.
|
|
Policy rights
|
For limited administrators only, specifies which policies and policy-related settings the administrator can manage.
|
|
Only allow location-specific editing
|
For limited administrators only, limits the ability of the limited administrator to create and modify non-shared policies only
|
Administrators who fully authorized to manage a site can modify the site rights of other administrators and limited administrators, though they cannot modify the site rights for themselves. System administrators must modify site privileges for administrators who are fully authorized to manage a site.
Limited administrators cannot change the site rights of administrators. Limited administrators can change the site rights of other limited administrators with equal or less restrictive site privileges.
Configuring the access rights for a limited administrator
If you add an account for a limited administrator, you must also specify the administrator's access rights. Limited administrator accounts that are not granted any access rights are created in a disabled state and the limited administrator will not be able to log on to the management server.
|
Note:
|
Reporting rights are required to integrate Symantec Endpoint Protection Manager with Symantec Protection Center version 1. Ensure that you grant reporting rights to any limited administrators who use Protection Center version 1 to access the Symantec Endpoint Protection Manager console. For more information, see the Help for Protection Center version 1.
|
To configure the access rights for a limited administrator
1. In the console, click Admin.
2. On the Admin page, click Administrators.
3. Select the limited administrator.
You can also configure the access rights when you create a limited administrator account.
4. Under Tasks, click Edit Administrator.
5. On the Access Rights tab, check an option, and then click the corresponding button to set the access rights. Click Help for more information.
6. If you want to authorize the limited administrator to create only non-shared policies for a location, check Only allow location-specific policy editing.
7. Click OK.
Regards
Ajin