How to configure Barcode users to only have access to specific synchronization profiles

Article ID: 181513


Products

Symantec Products

Issue/Introduction

 

Resolution

By default, Barcode users can see and access all synchronization profiles. There is no out-of-the-box method to change this, as all have the same permissions. A custom Barcode security role, however, can alter these permissions, granting or not granting access to specific synchronization profiles. The following instructions demonstrate how this can work:
 

  1. In a Symantec Management Platform Console, while logged in as a Symantec Administrator, click on the Settings button > Security > Account Management.
  2. Click on Roles.
  3. Find and right-click on Barcode User > Clone.
  4. Enter a name for the custom Barcode User role.
  5. Click on the OK button.
  6. Click on the Add "+" button to add users who will have restricted synchronization profile access. Note: If these users are part of the Barcode Users or Symantec Administrator security roles, remove them from those roles; otherwise, they will inherit overriding permissions.
  7. After adding users, click on the Show Security Role Manager Console button.
  8. The Role drop-down list should show the name of the custom barcode security role; if not, select it from the list.
  9. In the View drop-down list, click on Settings.
  10. Click to expand the folders Notification Server > Console Settings > Views > Barcode Solution > Synchronization Profiles.
  11. Click on the synchronization profile to edit.
  12. In the Noninherited section, click to uncheck Read.
  13. Click on the "Save changes" button.
  14. Repeat steps 11 through 13 for any additional synchronization profiles that should have access disabled.
  15. It is strongly recommended that this is all that is changed. This will enable the users in the custom security role to see, but for the most part not make changes to, the selected synchronization profile. This does not prevent it from being used, however. If this is all that is desired, click on the "Save changes" button. If, however, the Symantec Administrator wants to further lock this custom security role down for specific synchronization profiles, perform the following additional steps.

    a. Click on the Advanced button.
    b. The Account/Role section should show the name of the custom barcode security role; if not, select it from the list.
    c. Click on the "Inherit the permission entries from parent object that apply to child objects" check box to uncheck it. WARNING: Breaking inheritance may have negative consequences. This process should therefore be performed by the customer on a test server to ensure it performs as expected before being applied to a production server.
    d. Click on the "Save changes" button.
    e. On the Inherited Permissions Behavior window, click on the Remove button.
    f. Click on the "X" button to close the Permissions window.
    g. In the Inherited section, if Read is still checked, click to uncheck it.
    h. Click on the "Save changes" button.
    i. Repeat steps 11 through 15 for any additional synchronization profiles that should have access disabled.
    j. When users in this custom security role log in, they will not be able to see and use the disabled synchronization profiles, but users in the normal Barcode User security role will be able to.


Related Article

How to reset the Barcode User Security
http://www.symantec.com/business/support/index?page=content&id=HOWTO80655