Allow limited administrator with read-only group rights to remotely run commands
I want to grant my support personnel read-only group rights and command rights to scan and update content.
SEPM does not appear to support this scenario due to the way the limited administrator permissions were designed. When a limited administrator account is created and configured with the aforementioned settings, it has read-only visibility to clients in groups, but cannot run commands on clients. The "Run Command on Clients" option in the right-click menu for clients is grayed out.
This seems to be a design deficiency in the behavior of permissions. I would like to see the SEPM product changed so that, for limited administrator accounts, command rights will take precedence over group rights.
I have attached screenshots of the account settings and resulting inability to run commands.
Comments 4 Comments • Jump to latest comment
Agree, although updating content and runing scans is not exactly a "read" action, but it makes sense to allow it to any limited administrators - at least there should be the option to allow or deny it.
Agreed. limited admins should be able to do this.
this was working in 11MR4 but suddenly failed after upgrade to 11RU6...
Really needed because otherwise limited admins should be granted "full access" on the group to be able to run commands, but this allow them also to delete / create groups etc.. way too much.
I agree with your thinking. I have also discovered that a limited administrator with Read Only rights to Groups is unable to use the search function to find clients.
What part of a search would require "full access" to complete a search capability?
Would you like to reply?
Login or Register to post your comment.