An update on this. I have been working with Symantec support for a few months on this, but keep getting to a point were they won't suppot custom roles.
We want the SMA on all our PC and Servers.
In SMP
We want only Symantec Administrators to have access to both PCs and Servers.
We want a role that gives access only to PCs.
We want a role that gives access only to Servers.
We want an asset manager role that can run reports on PCs and Servers but no other tasks, eg Power Control.
We currently have servers 1 in OG, and PCs in a separate OG.
I'm having issues removing access to servers from existing roles, I haven't yet tried a new role like in the video in my first post because I don't know enough to give the roles required permissions for stuff like Patch Management and creating new Software Resource.
I cloned Symantec Level 2 Workers, to XX Symantec Level 2, test member could see Servers OG even though it didn't show in Security Role Manager, I had to remove XX Symantec Level 2 as a member of other roles like Software Libririan and Patch Management Admin, then the member can not see the servers (good) but also can't do patch management tasks or create new software resouces.
Am I over complicating this? If I start from new role how do I know what permissions to give the users? I just want an almost admin level role, but with only access to the PCs and no access to the servers.