Video Screencast Help

SEP 12.1 Administrators : Creating Limited Administrators and groups

Created: 23 Aug 2012 • Updated: 28 Aug 2012 | 5 comments
rickyrome's picture
2 Agree
0 Disagree
+2 2 Votes
Login to vote

 

We support a global group of sites all over the world. We are required to provide each site with an administrator which we basically limit the administrator to only have "full access" to their site and "deny access" to the other groups/sites. By default when we create a new group in the console and then create a new user (limited administrator) for the site it has "full access"  and we have to edit the permissions for each group to deny access. The problem with that is we have to edit each user and then go back to the already created users(limited administrators) and deny permissions for the new created site. We will soon like to move to AD authentication and give sites access by their AD accounts, now you can about image the administrative effort in this with 200+ users. Could you come up with a method to be able to change the full access, deny access, read-only access by selecting a new drop down or something like that so every group automatically inherits the permissions you set vs having to edit each single one at a time. Also would it be easier to have the ability to create groups within the administrators to better manage all of the users, i think that would be a neat feature.

Comments 5 CommentsJump to latest comment

Jackie007's picture

Hi,

I think this is greate IDEA,we can add only user particular group and give the access rights.

Just like a AD group.......................Vote up..............

Thanks....

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you

0
Login to vote
Eileen's picture

Moving over to the Security Community for better visibility.

~Eileen

0
Login to vote
dsmith1954's picture

This can be remedied by using SEP Domains, which is what we do to overcome this limitation. This is one of the main reasons we use SEP Domains. I just hope they never get rid of SEP domains.

0
Login to vote
toby's picture

When you want to inherit the permissions click with the secondary mouse key just on the My Company and deny access for all.
This will be inherited for all subgroups and then you can simply allow full or read access only for certain groups.... Try it :-)

See also my idea I had quite a while ago..
https://www-secure.symantec.com/connect/ideas/user...

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

0
Login to vote
rickyrome's picture

@ Toby....all i have to say is WOW! I was on the phone with a Symantec Engineer and not even he could give me such a life saving tip! This will save me so much time, how did you figure this out? @ dsmith1954 i have not looked into SEP Domains, i will have to check that feature out to see how it can help us.

Ricardo Romero

MCTS

0
Login to vote