Video Screencast Help

Restricting management rights to a subset of computers

Created: 15 Aug 2011 • Updated: 16 Aug 2011 | 1 comment

I'm not sure if this is a question for this forum on the Notification Server forum but here goes...

I'd like to create user groups where each group has management rights to their subset of computers and doesn't even know that any other computers exist.  I've tried going through the documentation and created a security role, assigned it management rights over a group of computers, and added users to the role.  When I try to open the console using a userid from that role, I'm denied access to the console until I add that userid to the "Symantec Managers" group.  Once I'm a member of the Symantec Managers group, it seems to ignore everything else I've set up, and I have full management rights to everything.  Is what I'm trying to do even possible?  Is there any documentation available that explains how to delegate security on a server that is shared by several departments? This seems to be a problem with both 7.0 and 7.1; some of the nomenclature has changed, but the results are just as strange.

Thanks in Advance,

Mike Ball - Central Michigan University

Discussion Filed Under:

Comments 1 CommentJump to latest comment

MikeBall's picture

OK...following the instructions in the latest version of the Symantec Management Platform User Guide, I have security working a little better; but I can't figure out how to give a department administrator the ability to create FSR media for their machines without giving them the ability to create FSR media for all machines. Is there a way to restrict FSR generation (among other things) to only the machines in a specific Organization Group?