SEP Mobile MC Viewer account appears able to have elevated privilege
search cancel

SEP Mobile MC Viewer account appears able to have elevated privilege

book

Article ID: 246499

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

When logged into the SEP Mobile Management Console (MC) using an account which has been assigned the Viewer role, it is observed that the user appears to have the capability to change settings, which should only be possible using an account with the Full Admin role.  

For example, a user with the Viewer role can adjust settings on the Protection Actions page, and when doing so will be prompted with the same orange warning banner which an Admin would receive before committing a change: 

Resolution

This is expected behavior.  If a user with the Viewer role were to actually try and Apply a settings change in any part of the MC they would be denied:

 

Additional Information

To confirm any recent config changes in the MC, please refer to the Admin Audit Log:

https://knowledge.broadcom.com/external/article/173107/locate-admin-audit-logs-for-mobile.html

For information on managing logins for the MC please refer to the product KB:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Management-Console/managing-admin-users-v131859562-d4221e491.html

Powered by Wolken Software