Users from any custom or default security roles which are missing "View Security" system privilege cannot create resources, such as computers.
Example
- Create a clone of Symantec Administrator role or any role that has the ability to create assets, such as the CMDB Managers role, and then open the Privileges tab, remove "View Security" (located under System Privileges).
- Add any account to that role and login to Console with that account
- Go to Manage > Assets > Manage Configuration Items > Computers and Peripherals, right click and try to create new computer with any name.
- When pressing Save or OK you will see following error both in Configuration windows and logs - An error occurred saving changes. Unable to retrieve the sid associated with the specified name.
An error occurred saving changes. Unable to retrieve the sid associated with the specified name. Name: <accountnamehere>. Inner:
Altiris.NS.Exceptions.AeXException: Unable to lookup the SID associated with the specified account ---> System.Security.SecurityException: The caller
(<accountnamehere>. ) does not have the specified privilege ('View Security').
at Altiris.NS.Security.SecurityMonitor.Demand(PrivilegeCollection privileges)
at Altiris.NS.Security.PrivilegePermission.Demand()
at Altiris.NS.Security.AccountManagement.TrusteeManager.GetByName[T](String name, ItemLoadFlags flags)
at Altiris.NS.Security.SecurityTrusteeProvider.LookupSidFromName(String scope, String name)
The Zone of the assembly that failed was:
MyComputer
--- End of inner exception stack trace ---
at Altiris.NS.Security.SecurityTrusteeProvider.LookupSidFromName(String scope, String name)
at Altiris.NS.Security.SecurityTrusteeManager.GetTrustee(String scope, Int32 authenticationType, String authenticationName).