Creating a Custom SMP Role for access to Arellia Products Only

Owned by Anonymous
Last updated: Nov 08, 2012 by AnonymousVersion comment
3 min read

Purpose

This article will explain the process of creating a Security Role with the minimum amount of permissions needed to use the Arellia Console.

Steps

  1. Open up the Symantec Management Console and select Settings -> Security -> Account Management
  2. Select Roles
  3. Clone the Symantec Supervisors Role and Name it "Arellia Supervisors"
  4. Uncheck privileges for all non-Arellia solutions (eg. Workflow, pcAnywhere, Agentless Inventory, IT Analytics)
  5. Save Changes and click on "Show Security Role Manager Console"
  6. Select "All Items" from the drop-down menu
  7. Select Policies and uncheck "Delete" and "Write" under System Permissions
  8. Select Policies > Arellia and check "Delete", "Write", and "Clone" System Permissions
  9. Check all settings under "Policy Permissions"
  10. Check "Create Children" under Folder Permissions
  11. Select Reports and uncheck "Delete" and "Write" under System Permissions
  12. Select Reports > Arellia and click on the "Advanced" button
  13. Select the blue add button and then select the "Arellia Supervisors" role and then press "Select"
  14. Select "Arellia Supervisors[Altiris Role]; Permissions Custom[Non-Inherited]"
  15. Enable Full Control and then Save Changes
  16. Navigate to Resource Management and remove the "Write" System Permission
  17. Navigate to Resource Management > Filters > Arellia and add "Delete", "Write", and "Clone" System Permissions
  18. Add all Resource Management Permissions and then Save.
  19. Navigate to Settings and remove "Write" System Permissions
  20. Navigate to Settings > Agents/Plug-ins and Remove "Write" System Permissions
  21. Navigate to Settings > Agents/Plug-ins > Arellia
  22. Click Advanced and follow steps 13-15 to add Full Control for Arellia Supervisors
  23. Navigate to Settings > Arellia
  24. Click Advanced and follow steps 13-15 to add Full Control for Arellia Supervisors
  25. Navigate to Settings > Notification Server > Resource and Data Class Settings
  26. Add "Read Resource Data" and "Read Resource Association" Resource Management Permissions
  27. Navigate to Tasks
  28. Remove "Delete" and "Write" System Permissions
  29. Navigate to Tasks > Jobs and Tasks > Arellia
  30. Click Advanced and follow steps 13-15 to add Full Control for Arellia Supervisors

The Arellia Supervisors custom role should now work correctly with all Arellia Products.