Prior to ITMS 8.1 RU4:

SMP Console times out when trying to add computers to a filter via a CSV file.

With ITMS 8.1 RU7:

Customer will create a new filter by going to Manage > Filters. They will usually do this filter creation using the Symantec Administrator role. 
They have a cloned copy of the Symantec Administrator role, along with level 1 worker role, where members will use a .txt file or .CSV file to import computers into that filter:

1. Add user to a cloned or any other security role other than the Symantec Administrators role
2. Create new filter
3. Edit this filter by clicking on icon to import computer list. Browse to the CSV file with the computer list
4. Wait for a moment but no computers are displayed as added 
   
   

This started to happen after their upgrade to 8.1 RU7, even with the fixes already added under ITMS 8.1 RU4 for the same issue. This only happens with any other security roles that are not the Symantec Administrators (even when those users have full access to computers resources).

Sometimes you may see an error like this after waiting for the page to load with the imported machines:

HTTP Request failed:
 /Altiris/NS/Admin/Collections/NSResourceCollection.aspx?Guid=a2ed6075-c7c7-48b7-abd6-b71c5acbcd39&TreeGuid=1ce604a6-c897-493f-a090-0039563990be&ItemGuid=a2ed6075-c7c7-48b7-abd6-b71c5acbcd39&ParentGuid=00000000-0000-0000-0000-000000000000&Url=http%3a%2f%2SMP01.domain.org%2faltiris%2fconsole%2ftree.aspx%3fTreeGuid%3d1ce604a6-c897-493f-a090-0039563990be%26%26ConsoleGuid%3d1b22db4e-a898-443f-9b99-855b1653d3f5&ConsoleGuid=1b22db4e-a898-443f-9b99-855b1653d3f5&CallbackPageId=d3b7819bb17f4b03945dad401a5c5011

Request timed out.
   [System.Web.HttpException @ ]

Exception logged from:
   at Altiris.NS.UI.AltirisWebApplication.ReportApplicationError(System.Web.HttpContext)
   at Altiris.NS.UI.AltirisWebApplication.Application_Error(Object, EventArgs)
   at System.Web.HttpApplication.RaiseOnError()
   at System.Web.HttpApplication.RecordError(Exception)
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)

User [MyDomain\Svc_Altpdws], Auth [MyDoamin\AltUser10], AppDomain [/LM/W3SVC/1/ROOT/Altiris/NS-3-132016168419455250]

HTTP [POST]: http://SMPServer.domain.org/Altiris/NS/Admin/Collections/NSResourceCollection.aspx?Guid=a2ed6075-c7c7-48b7-abd6-b71c5acbcd39&TreeGuid=1ce604a6-c897-493f-a090-0039563990be&ItemGuid=a2ed6075-c7c7-48b7-abd6-b71c5acbcd39&ParentGuid=00000000-0000-0000-0000-000000000000&Url=http://altws.nyumc.org/altiris/console/tree.aspx?TreeGuid=1ce604a6-c897-493f-a090-0039563990be&&ConsoleGuid=1b22db4e-a898-443f-9b99-855b1653d3f5&ConsoleGuid=1b22db4e-a898-443f-9b99-855b1653d3f5&CallbackPageId=d3b7819bb17f4b03945dad401a5c5011
 ip: [10.140.77.127]; languages: [en-US]; content-length: [100647];
 response: [200 OK]; x-smp-nsversion: [8.1.4528.0];
-----------------------------------------------------------------------------------------------------
Date: 5/6/2019 7:46:57 AM, Tick Count: 529289250 (6.03:01:29.2500000), Size: 2.32 KB
Process: w3wp (253088), Thread ID: 185, Module: w3wp.exe
Priority: 1, Source: WebApplication

Know issue. There is an optimization problem with "spGetPushAgentStatus" stored procedure.

ITMS 8.1 RU3

ITMS 8.1 RU7

ITMS 8.5 GA, RU1, RU2

Prior to ITMS 8.1 RU4:

The original issue with "spGetPushAgentStatus" stored procedure was addressed with fixes added to ITMS 8.1 RU4. See DOC10690 under "Fixed Issues for Notification Server" section.

With ITMS 8.1 RU7:

Even with the improved "spGetPushAgentStatus" stored procedure, there was an issue with how the Security Privileges and Rights are done when the user is part of a non-Symantec Administrator Security Role. This issue has been addressed with changes done under ITMS 8.5 with the introduction of a function called "fnAC_HasFullScopeAccess".

Please us the attached two files to add the proposed workaround:

The modified "spGetPushAgentStatus_Updated.sql" has the following section modified to utilize the new "fnAC_HasFullScopeAccess" from ITMS 8.5:

JOIN    (   
           SELECT    DISTINCT ResourceGuid  
               FROM  ScopeMembership  
               WHERE
               --Added this check to see if the users has rights to all computers before we check them one at a time
                (select dbo.fnAC_HasFullScopeAccess ('493435F7-3B17-4C4C-B07F-C23E7AB7781F', @Trustees)) = 1
                --End
               OR ScopeCollectionGuid IN  
            (  

              SELECT     ss.EntityGuid  
              FROM   sec_EntitySource  ss  
              JOIN   sec_EntityTrustee st ON st.EntityGuid = ss.SourceGuid  
              JOIN   @TrusteeGuids     tt ON tt.Guid = st.TrusteeGuid  
              WHERE  st.Permission >= 0x2000000000000000  
            ) 

Also run the attached "fnAC_HasFullScopeAccess.sql" to add the new function into your database.

With ITMS 8.5 GA, RU1 and RU2:

This issue has been addressed with ITMS 8.5 RU3 release.

In the meantime, here is a workaround that you can use. See attached "spGetPushAgentStatus_8_5_Updated.sql". Only suggested being used for 8.5 GA, RU1 and RU2 releases.