understanding Roles and Permissions
ok so now that my dev environment has been up for a good time, tons of documentation for us to move over to our test server...
this now has to be prestine and installed and configured and validated step by step with no room for errors as then when we go to our production server it is all documented 100% without a doubt...
ok so all looks good but for the security/permissions... this is where i just cant wrap my head around it. Since myself and a few others are in the Symantec Administrators group, this has been a walk in the park!
now we need to segregate us (administrators) out and lock ourselves out somewhat... there is the app id account that will get us in to do what we need too and is auditable so off to the steps/questions...
I followed the instructions in the KB's to import an AD group.
This created a new role and populated users
Now questions on that.
1. if I rename the group will it still modify the group accordingly to the AD group when the import runs next? (supposed new/removed employees)
If you clone say Symantec Administrators then add those administrators in, name to App Admins for Role Name...
2. how would you tie that AD group to this role?
in NS6 it was easy.. clone role, modify, add AD group and done.... now it seems that it isnt that easy and im not getting what I need.
I will give the exact example of what im trying to do.
App ID account is in Symantec Administrators group and has FULL RIGHTS
App Admins group needs Administrator functions minus a few where auditing is not possible and an exmaple is Purging Maintenance.
I impored in a AD group and it created a new role but that role had 0 access. so I have been trying to give ALL rights but this is not an easy task as I am still missing stuff here and there.... so I figured you should be able to Clone Symantec Admins Give it a Name and modify... done...
so lend me a thought please!!!!!