Client Management Suite

 View Only
  • 1.  Security Role Manager

    Posted Sep 17, 2011 12:15 PM

    Is there any detailed guide about Altiris security role manager since there are alot of permissions and to provide specific set of permissions is quite difficult, I will be really grateful if someone can help me in this issue

    Thanks



  • 2.  RE: Security Role Manager

    Posted Sep 20, 2011 11:54 AM

    I also looked for this same document but one does not exist that explains the exact features and checkboxes of the Security Role Manager.

    However, I've created several documents that will walk you thru how to create several roles based upon your needs such as Reporting, Resource Manager and Software Manager.

    https://www-secure.symantec.com/connect/downloads/create-custom-security-role-report-viewers-v10

    https://www-secure.symantec.com/connect/downloads/create-custom-security-role-software-manager-role-v10

    https://www-secure.symantec.com/connect/downloads/create-custom-security-role-resource-manager-role-v10



  • 3.  RE: Security Role Manager

    Posted Sep 22, 2011 06:53 PM

    Thanks Benjamin, the documents are quite helpful, but i am trying provide a web portal to our business where application metering can be viewed, and to do that i need to give them limited privileges

    Appreciate your support

    Thanks



  • 4.  RE: Security Role Manager

    Posted Sep 26, 2011 08:03 AM

    One thing Development and Support will always suggest is that you start by cloning the Admin role and then remove permissions you do not think are needed. That way you can give the role the proper access a bit easier.

    I found that by creating the role from "scratch" take many hours of enabling a single permission and testing out exactly what rights that one checkbox supplied to th role. It is not always that intuitive.



  • 5.  RE: Security Role Manager

    Posted Sep 30, 2011 06:36 AM

    Thanks for your support Benjamin, it appears this is the only way until symantec post a detailed guide about security role manager



  • 6.  RE: Security Role Manager

    Posted Nov 09, 2011 12:31 PM

    "One thing Development and Support will always suggest is that you start by cloning the Admin role and then remove permissions you do not think are needed."

    --------------------

    Wow! Something like this came from a security company? On the Windows side, we always start as User and then add permissions as needed until they have what they require.

    Starting someone off as Admin and then pulling permissions leaves the system wide-open. What if you forget to remove a vital permission? That person/role would have full access to do whatever they wanted, or had permissions to do, on the SMP.

    My advice would be to clone a user role and add permissions as needed. It may take longer, but at least you're not opening your SMP to possible damage by someone that doesn't know what they are doing.

    If you're wanting a business to view Application Metering stuff, they may only need some of the App Metering reports. Give them a user role and "Run Reports" permissions to reports related to App Metering. I wouldn't give them save or schedule permissions on reports because you can find your SMP/database full after they inadvertantly schedule reports to run every hour or so...



  • 7.  RE: Security Role Manager

    Posted Nov 11, 2011 08:07 AM

    I have to agree that the best practice would be to start from the least priv role and add on permissions, I was only passing on what has been the recommendation for several years now on how to actually assign permissions in your console. Besides, the accounts you are using and the roles you setup I assume would be for specific users, I would see anyone adding Domain Users to a role as THAT would then require a much more strigent process on creating roles and assigning permissions.