IT Management Suite

 View Only
  • 1.  Right-Click security options not presenting in the Console

    Trusted Advisor
    Posted Nov 27, 2013 04:39 PM

    I've created a new 'worker' role for our 7.5 console which has a much restricted console view,

    1.png

    The worker role was built from the ground up by crafting the menus, reports, right-click actions, permissions and privileges as required. 

    One right-click item I've been utterly unable to add to this role is ping. I''ve tried adding system read permissions to the following places in the "Right-Click Menu" branch of the Notification Server settings,

    1. To the original "Ping Computer" task in the Connector samples folder
    2. To a clone of this task in the Remove Management folder
    3. To a item link in the Remote Management folder of the original "Ping Computer" task

    And a pic of the security role manager is shown below,

    3_0.png

    And I've confirmed in the role's privileges that all is well,

    4_0.png

     

    No matter what I do though, I can't seem to make live any other objects other than those that came installed with the product,

     

    2_0.png

     

    Does anyone have a clue where I might be going wrong?

     



  • 2.  RE: Right-Click security options not presenting in the Console

    Posted Nov 28, 2013 04:00 AM

    Have you checked to see if there is an Item Task called Ping?



  • 3.  RE: Right-Click security options not presenting in the Console

    Trusted Advisor
    Posted Nov 28, 2013 05:53 AM

    Thanks for responding SK,

    I should have said that this works fine in the 'Symantec administrators' role, both the following item tasks are visible at the right-click,

    \Settings\Notification Server\Right Click Menu\Remote Management\Try Ping Computer

    and 

    \Settings\Notification Server\Right Click Menu\Connector Samples\Ping Computer

     

    These however refuse to be exposed in the "Altiris Console Worker" role. Hence my thinking there is a permissions oddity here which I'm not understanding.

    Unless there is something more basic at work here that I've missed??!



  • 4.  RE: Right-Click security options not presenting in the Console

    Posted Nov 28, 2013 08:20 AM

    Hi,

    Ping computer has a complex structure of references with other Resources, Data Classes, tasks, etc.
    Just adding read permissions to the ping computer item is not enough.
    I would recommend cloning the role that has appropriate permissions for the items and the hidden references, and then remove undesired permissions/privileges from the cloned role.



  • 5.  RE: Right-Click security options not presenting in the Console

    Posted Nov 28, 2013 08:25 AM

    As the Altiris Admins role has many other hidden security items associated with it, I would not recommend cloning it, as you will be unwittingly be providing more access than required.

    If the Ping action does indeed require certain resource data associations, it would be best to find out exactly what those were instead.



  • 6.  RE: Right-Click security options not presenting in the Console

    Trusted Advisor
    Posted Nov 28, 2013 09:10 AM

    Hi Robert and SK,

    Many thanks for your response though Robert and respect I totally agree with SK here; I've often heard from Symantec the advice of cloning the Administrator role and then whittling it down to gain the desired result. This though is a workaround for the awkward permissioning model and not the solution.

    The problem I've had previously with cloning roles is that I end up having to break inheritance in order to remove permissions. Breaking inheritance strikes me as a very messy way to proceed. It's also awkward to manage as the console doesn't have a graphical way to illustrate where this has been done, which leaves me hunting up the tree to find the 'break points' in order to troubleshoot.

    I've also gotten to a point where the role is working exactly as required except for this one thing. The thought of rebuilding it from a cloned role and then breaking inheritance does not appeal at this stage.

    Also, as SK says, it's better to know what permissions should be granted, and also understand why these aren't being exposed in the console. Bizzarely tracert works fine, which I would have thought under the hood was intrinsically the same type of task?



  • 7.  RE: Right-Click security options not presenting in the Console

    Broadcom Employee
    Posted Jan 31, 2014 06:34 AM

    Hi ianatkin,

    You need to add also “read” permissions to “AeX AC TCPIP” dataclass.

    After that menu item should appears.

     

    IPDC.png

     

    Regards

    AlexTH



  • 8.  RE: Right-Click security options not presenting in the Console

    Trusted Advisor
    Posted Jan 31, 2014 01:03 PM

    Hi Alex,

    I raised this to Altiris support and it's a bug. The final list of Right-Click itemsa user sees cannot tolerate duplicate names as the list generated is looked up by the item name rather than GUID. 

    This is to be resolved in HF4 according to feedback I got a couple days ago.

    Kind Regards,

    Ian./