Setting up Security Role and Privilege Standalone Replication Rules
search cancel

Setting up Security Role and Privilege Standalone Replication Rules

book

Article ID: 217055

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

You want to use a copy of your custom Security Role from one SMP Server in another SMP server to test the privileges and permissions before those can be implemented in Production.

In some instances, you may need to migrate your security role and its privileges to a different SMP server. 

 

Environment

ITMS 8.5, 8.6, 8.7

Resolution

Standalone replication lets you reliably move a large amount of data from one Symantec Management Platform (SMP) to another.

The solution is to use Security and Privilege Standalone Replication Rules.

Please refer to our Data Migration Guide. See “Configuring and running standalone Security Replication Rule” section on page 10

or 

Configuring and Running Standalone Security Replication Rule

 

Configuring and running standalone Security Replication Rule

A Standalone Role Replication Rule lets you replicate the Roles and Accounts. The Role Replication Rule automatically replicates all accounts that are assigned to the replicated role as well as all roles that are members of the replicated role.

Note: Do not replicate the predefined roles.

Standalone Privileges Replication Rule lets you replicate the Privileges. After the replication, the privileges are automatically applied to the replicated roles. Each role gets the privileges that it has on the source Notification Server.
Note that you must replicate Roles before replicating the Privileges.


Warning:
If you replicate a privilege of a product that does not exist on the destination Notification Server, the following warning message appears in the log of the destination Notification Server during the replication:
"Product c432b710-f971-11a2-8643-20105bf409af does not exist in the NS, and privilege ViewOnly could not be imported.",
"Altiris.NS.Security.PrivilegeHelper.ImportExtendedPrivilege", "Altiris.NS.dll", "96", "Warnings"

Note: Right-click menu privileges do not replicate for custom roles because the Right-Click Menu items are not part of the security replication rules. To replicate Right Click Menu items, you must create and run an Item Replication Rule that replicates all items under Notification Server > Settings > Notification Server > Right Click Menu folder.

To configure and run a standalone Security Replication Rule

  1. In the Symantec Management Console, on the Settings menu, click Notification Server > Hierarchy.
  2. In the left pane, expand the Replication folder, right-click the Security folder, and then, depending on your requirement, click New > Role Replication Rule or New > Privilege Replication Rule.
  3. On the New replication rule page, configure the settings as follows:

    Specify the Roles or
    Privileges that you want to
    replicate
    To specify the Roles, do the following:
    1. At Roles, click None selected.
    2. In the Select Roles dialog box, under Available items, select the items that you want to replicate, and then click OK.

    To specify the Privileges, do the following:
    1. At Privileges, click None selected.
    2. In the Select Privileges dialog box, under Available items, select the items that you want to replicate, and then click OK.
    Specify the Destination
    Notification Server
    1. At Destination, click Specified Notification Servers.
    2. In the Notification Servers dialog box, under Available Notification Servers, select the destination Notification Server
      from the list.
    3. (Optional) To add a new Notification Server, click Add Notification Server icon on the toolbar.
      In the Add a Notification Server by name or browse the network dialog box, type the hostname or FQDN of the destination Notification Server, specify the Notification Server
      Web Site, and then click Add.

      If you want to use a non-default port for replication, you must specify the HTTP or HTTPS port as follows:

      Notification Server Name: domain-name.com

      Notification Server Web Site:
      https://domain-name.com:777/Altiris/NS/

    4. Click OK

    Specify the Credentials for
    accessing the target
    Notification Server.
    1. At Credentials, click Specified Credentials.
    2. In the Credentials dialog box, specify the credentials for source and target Notification Servers.
      Note that if you select Use these credentials, you must enter the credentials of a user with Symantec Administrators' role on the source and destination Notification Server.
    3. Click OK
    Specify the replication
    options.
    The replication options are as follows:
    ■ Replicate All
    Let's replicate all items, roles, or privileges regardless of whether they have changed or not since the previous replication. Every time your standalone replication rule runs, the selected items, roles, or privileges are unconditionally replicated to the destination Notification Servers that you specify.
    ■ Replicate If Changed
    Lets you minimize the overhead of successive replications and skip the items, roles, or privileges that have not changed since the previous replication.
  4. Click Save changes.
  5. To run the replication rule, right-click the replication rule name in the left pane, and then click Run.
    Alternatively, you can schedule the replication rule to run at a specified time.

 

For more information, please refer to our Online Documentation on the topic.

About standalone replication rules