SMP Security Role Matrix and general Security Information
Article ID: 162558
Updated On:
Products
Issue/Introduction
It can be difficult to know what Permissions and Privileges are needed for a given Security Role to achive a desired outcome. This article is intended to provide information that will help make assigning Permissions and Privileges to existing roles have more transparent and easier to understand for specific scenarios.
Environment
ITMS 8.x
Cause
Permissions and Privileges logic can be difficult to understand
Resolution
The following sections are provided below to help:
- Matrix that shows all Permissions and Privileges assigned to out-of-the-box roles
- Script that can be run in SQL or as a report that will create a matrix that includes Custom Roles
- Links to Security Role related KB's that can help provide a better understanding of the SMP Security
- Links to KB's that cover common scenarios:
Matrix for Permissions and Privileges
The attached file "Privileges and Permissions per role.xlsx" contains the following:
- Privileges - Shows All Security Roles and the Privileges assigned to them. Grouped by the Display group they are displayed in
- Folder Permissions - Shows All Folders grouped by the folder path, where any permissions are specifically assigned. It does not show inherited permissions
- Item Permissions - Shows Items that have security applied specifically to them by role, grouped by the path to the Item.
- Permission list - List of all possible permissions, with a description and the associated GUID
- Privilege list - List of all possible Privileges, with a description and the associated GUID
NOTE: There are filters at the top of each column that make it possible to limit the results to more usable amounts of data.
The following screenshot shows how easy it is to see the Management Privileges assigned to each role:
Script to create the Matrix
The attached "Security Matrix builder for Permissions and Privileges.sql" file has four sections, to see similar data for a different version or to include custom roles in the matrix
- Get matrix for Privilege role comparison
- Get matrix for Permission role comparison of Folders or Items
- Get Permission list
- Get Privilege list
Security Role information KB's & Documentation
- Common references on Security Roles and Permissions
- Troubleshooting missing permissions for Security Roles
- Creating and Configuring Security Roles
- Assigning Privileges to a Security Role
- Adding Members to a Security Role
- Assigning a Symantec Management Platform User Account to a Security Role
- Adding Security Roles as Members of Other Security Roles
- Assigning Security Permissions to Folders and Items
- Customizing Permission Inheritance
- Predefined Security Roles
Common Custom role KB's
- SMP Security Role Matrix and general Security Information
- Add the ability to perform Patch Management Admin processes to an existing canned user
- The current user does not have required permission 'read' to load item: Resource Manager Dashboard Console Menu
- Create a Security Role that can see "Add Filter Criteria" and the content for "Add Custom Criteria"
- Scope with Security Roles to manage Workstations and Servers
Attachments
Feedback
