Creating a Read Only role with access to all items in ITMS 8.x
book
Article ID: 173193
calendar_today
Updated On:
Products
IT Management Suite
Issue/Introduction
Creating a role which can access to all parts of the console but with Read Only access only
Environment
ITMS 8.x
Resolution
First, clone the role which has access to all part of the console (like Symantec Administrators). Then change all appropriate permissions in Security Role Manager to Read Only following the steps below:
In Settings>All Settings>Notification Server>Account Management>Roles, clone the "Symantec Administrators" role.
Choose a name for the cloned role.
Right-click on the newly created role and select Security Role Manager.
In the View dropdown select "Resources".
In the Item Permissions pane, select the following:
Read
Read Resource Association
Read Resource Data NOTE: This prevens the role from being able to change any resource
Press Advanced and select "Replace permissions on all child objects" as well.
To make the role so it is unable to change polices or tasks, you would need to do the Steps 5-6 for all Data Classes, Items, including Policies and Tasks.
You can create a report using the query in the attachment to this article(More_than_read_access.txt) to identify which resources have the "Write" privilege still selected for the newly cloned role.
Replace the %Role% in the first line with the GUID of the Role you are working on.
Double click on each row of the resolved report and do step 5 for each line again. (Every time coming back to Security Role Manager page, make sure appropriate role is selected)