A custom security role for assets can be created by the Altiris Administrator if they want certain users to have fewer or more rights to assets such as computers, purchase orders, locations, etc. (i.e., any resource types from Asset Management Solution, CMDB Solution, Barcode Solution and Data Connector Solution, which are all part of the Asset Management Suite) than the out of box security roles provide. To help the Altiris Administrator get started, this article provides general information and best practices for creating and troubleshooting custom security roles for assets. For additional assistance in creating and troubleshooting custom security roles, please refer to the Symantec ITMS Administration Guide (below), or contact Symantec Consulting Services at http://www.symantec.com/it-consulting-services.
Symantec IT Management Suite 7.5 powered by Altiris technology Administration Guide
Out of Box Security Roles for Assets
When possible, it is always recommended to use an out of box asset security role instead of trying to create a custom security role. This is because trying to create a custom security role to do exactly what is desired with assets can be very difficult, which is further discussed in the next two sections. There are three* out of box security roles that work with assets, which are:
* There are also one to two Barcode Solution security roles (depending on the version of Barcode Solution), the Barcode Manager and the Barcode User, but as these are intended for the configuring and scanning of assets with a handheld device, these are not otherwise discussed in this article.
Non-asset security roles are sometimes mistakenly assumed to have asset rights, but they have none or very few. For example:
Best Practices When Creating and Using Custom Security Roles for Assets
Walkthrough for How to Create a Custom Security Role for Assets by Cloning the Out of Box Symantec Level 2 Workers Security Role
The following instructions describe how to clone and modify the out of box Symantec Level 2 Workers security role so that its users can edit computers, as an example of the basics of creating a custom security role for assets. These instructions are not all-inclusive; they provide only the bare minimum needed to edit computers, and only in certain areas of the Symantec Management Platform Console. The Altiris Administrator would further need to determine what other rights to set, which can be very hard to ascertain without a lot of testing and experimenting. Please Note: Symantec Technical Support is unable to provide the customer with a list of what rights are required to perform specific tasks and is unable to walk them through how to make a custom security role perform specific tasks. If the customer requires extensive help in creating or troubleshooting their custom security role, please contact Symantec Consulting Services instead at http://www.symantec.com/it-consulting-services.
Part 1: Clone and configure the Symantec Level 2 Workers out of box security role as a custom security role and add a test user to it.
Part 2: Add minimum rights to the custom security role enabling it to create and edit computers.
Note: This part refers to configuring a security role's "rights", which refers collectively to "privileges" (from the Account Management > Roles window) and/or to "permissions" (from everywhere else in Security Role Manager).
Other Customization Settings
This article intentionally does not cover in detail other security setting types that can be customized. In brief, these include:
As the minimal yet still extensive walkthrough above shows, creating a custom security role for assets, even from a clone, can be very complicated and even daunting. When possible, it is always recommended to use an out of box asset security role instead of trying to create a custom security role.
Unable to view, edit or save assets when the user is in a custom security role for assets
After upgrading the Symantec Management Platform 7.1 to 7.5, associations in resources are then missing
Error "User does not have permissions to create a resource of the given type ." occurs when trying to save an Asset Management or CMDB Solution asset type after upgrading from Symantec Management Platform 7.1 to Symantec Management Platform 7.5
CMDB Managers role no longer is able to use Set Asset Status right click function