Trying to use a specific area in the Altiris Console, such as viewing or editing assets, results in the inability to do so, or errors.
Because various issues could potentially result in this generic behavior, the scope of this article is to discuss security roles. These are located in the following locations, depending on the version of the Notification Server being used:
Corrupted user records in security roles
Verify if there are any corrupted user records present in the security role folders. This is performed by manually looking in each listed security role. Corrupted users will appear as either a duplicate name, or "Domain_Name\" with no user name associated with it, numeric names, or other names that are determined to not be real user names. All users should appear as "Domain_Name\User" or as "Domain_Name\Group_Name".
Altiris users and security roles are actually users and groups from Windows. Corrupted users will appear as a SID there, instead of a user or group name. This can occur when users are disabled or deleted in AD without first removing them from their group memberships. Other issues (unknown) may also cause this to occur.
The solution to this is to delete the corrupted user or group in Windows > Users or Groups. Refresh the affected Altiris security role, which should then show that the duplicate or "Domain_Name\" user record is now removed (if not, remove it). Then, re-add the user or group to the security role.
This can occur most often in the administrator role, but can be in any. Ensure that each security role is verified to not have any corrupted users.
Custom security roles
A user that is in a custom security role, if not set up correctly, may see all manner of permissions-related issues. This can often manifest itself as the inability to see or edit assets, but other users can. If the affected user is in a custom security role, verify if this is the issue by temporarily adding them to the Altiris Administrator role. If so, then the custom role will need to have additional permissions set.
Unfortunately, Symantec Technical Support does not offer a list of what permissions to set, where, for specific roles, such as for making a limited asset security role. Best practices for this are:
Note: After making any changes, close any active Helpdesk console browser, then re-open to verify if the issue has been resolved. A short wait may also be needed, and/or an IIS reset.
Worker console only displays Recents command
New Incidents link missing from Worker Console
Error "The command that you have attempted to run in inactive" when trying to create new incidents