Patch Management Group

 View Only

  • 1.  Altiris Roles and create policies but not distribute

    Posted Apr 03, 2013 08:04 PM

    Hi

     

    Im currently trying to create a role which has the ability to create a policy to distribute a software update, but not be allowed to turn it on (or enable it).

     

    Another user who will have more privilges will the examine the policy to approve it. Once approved the policy will get enabled (turned on) by that other user who has the increased privilges

     

     

     

     any suggestions welcome



  • 2.  RE: Altiris Roles and create policies but not distribute

    Posted Apr 04, 2013 03:53 AM

    I don't think that's possible the way you want it. But let's hear from someone who actually knows the product. If that's somehow possible, I will be interested to read it :)



  • 3.  RE: Altiris Roles and create policies but not distribute

    Posted Apr 04, 2013 11:14 PM

    Thanks, yeh I would be interested as well :)



  • 4.  RE: Altiris Roles and create policies but not distribute

    Posted Apr 05, 2013 12:17 AM
    Me too


  • 5.  RE: Altiris Roles and create policies but not distribute

    Posted Apr 05, 2013 10:15 AM

    OK, to do this, you would need to prevent them from being able to specify the target for the policy, as the person who is checking over its configuration should assign the target.

    To do this, simply ensure that the role does not have the "Create Resource Targets" management privilege assigned to it. Obviously, the members of that role should not be members of any other role that does have that privilege.

    The main reason to do that is because only members of a role that creates a target can see that target, unless of course, you are a symantec Administrator.

    Not having the system "Read" permission to the "Enable/Disable Policy" task type is an and/or option to the above.