I've just updated from CMS and Inv Soln for Servers 7.1 SP1 to SP2. We use Role Based Access Control (RBAC) with nested AD Global Groups.
So we have a Domain Global Group for anyone performing the Infrastructure Administrators Role, ROL_Inf_Admin, which is a member of the Domain Global Group for roles that need to perform Administrative Tasks in the Altiris Console, TSK_Alt_Admin. This TSK group is in the Console's "Symantec Administrators" security group. Prior to SP2, users in ROL_Inf_Admin had full admin rights to the Altiris console.
The day after the SP2 upgrade (run as the Altiris service account) we all lost access to the console, getting "Access Denied". If I add the individual Domain user account into "Symantec Administrators" access is restored for that account.
If I have just ROL_Inf_Admin in the "Administrators" group of a domain PC, a member of that Group logging into the PC has local Administrator rights, so pass through for the domain is working.
I've got Symantec Support trying to recreate but has anyone else upgraded to SP2 and either had or not had this happen to them?