Creating a Read Only role with access to all items in ITMS 8.x
search cancel

Creating a Read Only role with access to all items in ITMS 8.x

book

Article ID: 173193

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Creating a role which can access to all parts of the console but with Read Only access only

Environment

ITMS 8.x

Resolution

First, clone the role which has access to all part of the console (like Symantec Administrators).  Then change all appropriate permissions in Security Role Manager to Read Only following the steps below:

  1. In Settings>All Settings>Notification Server>Account Management>Roles, clone the "Symantec Administrators" role.
  2. Choose a name for the cloned role.
  3. Right-click on the newly created role and select Security Role Manager
  4. In the View dropdown select "Resources".
  5. In the Item Permissions pane, select the following:
    • Read
    • Read Resource Association
    • Read Resource Data
      NOTE: This prevens the role from being able to change any resource

  6. Press Advanced and select "Replace permissions on all child objects" as well.
  7. To make the role so it is unable to change polices or tasks, you would need to do the Steps 5-6 for all Data Classes, Items, including Policies and Tasks.
  8. You can create a report using the query in the attachment to this article(More_than_read_access.txt) to identify which resources have the "Write" privilege still selected for the newly cloned role.
    • Replace the  %Role%  in the first line with the GUID of the Role you are working on.
    • Double click on each row of the resolved report and do step 5 for each line again. (Every time coming back to Security Role Manager page, make sure appropriate role is selected)

Attachments

More-than-Read-access.txt get_app