Secured Filters - Secured Collections
Please bring Secured Collection functionality back to Altiris 7.x. We need to be able to set up server collections/filters that can be modified by the SysAdmins, but that are limited in scope by a parent filter. Our SysAdmins support multiple customers/multiple locations so using Organizational Groups security is not feasible for this purpose.
A bit of background:
- We are an outsourcing organization supporting servers for multiple customers. The customer's servers may reside at any of several datacenters as well as at remote customer locations.
- In our environment, customers/servers cannot be grouped by subnet or location and domain configuration (if any) is customer-determined & controlled.
- Since we have multiple customers with unique change control and patch scheduling requirements, we're rarely able to employ fully automated patching policies.
- Each customer has its own SW Update Agent Configuration Policy. If their requirements preclude fully automated patching, their Policy is set to run as far in the future as Altiris will allow....so it never actually runs.
- For these customers, the patching process for each patching collection is triggered by a Job scheduled by SysAdmins based on customer requirements.
- Each customer has its own set of collections. Customer collections are based on a custom dataclass value (customer code) gathered from the client's registry by a scripted process. The registry entry is set up during build.
Current NS6 setup:
- Customer master collections: Filtered by customer code & OS type (Windows/UNIX)....also used by Inventory, Task Management, & Reporting.
- Customer global patching collections: Limited in scope to the customer master collection with “Customer Exclusions” collection excluded,
- Customer Exclusion collections. Explicit. SysAdmins can modify the exclusions, based on customer requirements.
- If required, window/wave patching collections: Limited in scope to the customer global patching collection, servers are explicitly included, SysAdmins can modify the inclusions, based on customer requirements.