Video Screencast Help
New Company Name and Logo Announced. Learn More.

Allow limited administrator with read-only group rights to remotely run commands

Created: 17 Aug 2010 • Updated: 04 Nov 2010 | 5 comments
Chris Simmons's picture
16 Agree
0 Disagree
+16 16 Votes
Login to vote

I want to grant my support personnel read-only group rights and command rights to scan and update content.

SEPM does not appear to support this scenario due to the way the limited administrator permissions were designed.  When a limited administrator account is created and configured with the aforementioned settings, it has read-only visibility to clients in groups, but cannot run commands on clients.  The "Run Command on Clients" option in the right-click menu for clients is grayed out.

This seems to be a design deficiency in the behavior of permissions.  I would like to see the SEPM product changed so that, for limited administrator accounts, command rights will take precedence over group rights.

I have attached screenshots of the account settings and resulting inability to run commands.

Comments 5 CommentsJump to latest comment

Szilvi's picture

Agree, although updating content and runing scans is not exactly a "read" action, but it makes sense to allow it to any limited administrators - at least there should be the option to allow or deny it.

Login to vote
NRaj's picture

Agreed. limited admins should be able to do this.

Login to vote
mchristal's picture

this was working in 11MR4 but suddenly failed after upgrade to 11RU6...

Really needed because otherwise limited admins should be granted "full access" on the group to be able to run commands, but this allow them also to delete / create groups etc.. way too much.

Login to vote
adutchman's picture

I agree with your thinking.  I have also discovered that a limited administrator with Read Only rights to Groups is unable to use the search function to find clients.

What part of a search would require "full access" to complete a search capability?

Login to vote
FilipB's picture

I would  you to introduce this capability back into the SEPM.

To be able to run commands from SEPM console while being a limited administrator would add better granularity and better control. Specially when trying to provide remote SEP capabilities to level one support.

Login to vote