This article details how to start with a User who is canned and provide them with the needed permissions to perform processes within Patch Management Solution.
The attached zip file outlines the process for adding the required permissions to an existing User Role and scoping their view to prevent the User from seeing other custom folders in the Console. Note; these custom folders can house Software Update Policies to prevent any other Users from modifying them.
Attached zip file includes screen shots, which are named per the Process / Step, outlined in the process Word.docx document for visual reference.
Advisory: No changes can be made to the default folders in the Console, for that will cause severe issues within Patch Management Solution.
Additionally, this process starts with the 'Symantec Level 2 Worker' role, for the base permissions have to be granted to start with, as it is very complicated (almost impossible) to start with zero permissions and work up to the basic usability level.