Hi,

I am using SEPM 12.1 and i need to create a user with a limited access which can only view the groups without being able to change any thing at all.

Thanks

See this articles

https://www-secure.symantec.com/connect/articles/sepm-administrators

Helpful Articles:

About administrators

http://www.symantec.com/docs/HOWTO55478

Managing domains and administrator accounts

http://www.symantec.com/docs/HOWTO55094

Adding an administrator account

http://www.symantec.com/docs/HOWTO55403

About access rights

http://www.symantec.com/docs/HOWTO55041

Configuring the access rights for a limited administrator

http://www.symantec.com/docs/HOWTO55037

How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.

http://www.symantec.com/docs/TECH92651

Which administrator activities are logged in the Symantec Endpoint Protection Manager console?

http://www.symantec.com/docs/TECH141668

About administrator account roles and access rights (Endpoint Protection 12.1.2)

http://www.symantec.com/docs/HOWTO81226

Hello,

How to Create and Manage Administrators in the Symantec Endpoint Protection Manager (SEPM)

http://www.symantec.com/business/support/index?page=content&id=TECH122473

https://www-secure.symantec.com/connect/articles/sepm-administrators

Thumbs up to the above!

Prior warning though, if you have lots of groups, then it's gonna take a while .  Essentially, you'll need to create a new Limited Administrator account, put a tick beside the "Manage Groups" option under the "Access Rights" tab, then go through every group and switch the permissions to "Read-only" access (even for inheriting groups).

Incidentally, with the "Manage Groups" option enabled, you also have the option to allow the Liminited Admin to run specific commands (if you so wish), even on Read Only groups

Hi,

Thank you for posting in Symantec community.

You can create limited administrators with necessary access/rights.

You can create additional administrators as per business requirement.To add new administrator first time you need to login with 'admin' account.

1. In the console, click Admin. On the Admin page, click Administrators.

2. Under Tasks, click Add an administrator.

   After you add an administrator account, you can change the user name by clicking Edit the administrator.

3. In the Add Administrator dialog box, on the General, Access Rights, and Authentication tabs, specify the account information.

   Click Help for more information.

4. Click OK.

Refer this article:  SEPM Administrators

https://www-secure.symantec.com/connect/articles/sepm-administrators

Hi,

Do you need more help here ?

Hi,

I have so many OUs (Range of 200) and i dont know how to apply the access rights on all, is there any other shirt way which can speed it?!!!!!!!

See this articles

How to change Manage Group permissions for Limited Administrators in SEPM for multiple groups.

Nopes, as I mentioned in my post, it's a right pain but the only way I'm aware of is to go through the entire "Manage Groups" list and assign rights (Full/None/Read-Only) for each oneas required 

Obviously, this is not ideal in your case.  Perhaps it'd be worthwhile creating an "IDEA" on these forums to enhance the permissions assignment interface for Limited Admins?  If it garners enough support from the community then Symantec may introduce it in the future...

#EDIT#

Missed James' post!  Ignore me then.

Learn something new everyday 

Big thank to James007,  you really saved my day :) Thanks also for SMLatCST