You have noticed that some of your targets are grayed out and they show a lock icon. This is seen even when you are a member of the Symantec Administrators Role.
You get this message if you right-click a patch and select distribute:
You currently do not have sufficient network access rights to the Symantec Management Console
On every policy – whether App metering, Patch Management, or a software policy… they are greyed out as seen here:
And every target has the lock icon:
ITMS 8.7.x
The scoping is wrong on all of them because they are using an old Security Role Group.
The following query will return the names of the affected policies, and the count of targets per policy that are problematic:
select distinct p.Name as Policy, COUNT(*) as [Affected Targets]
from ItemAppliesTo iat
join Item p on p.GUID = iat.ItemGuid
join Item i on i.GUID = iat.ResourceTargetGuid
left join ResourceTargetOwnerTrustees rot on rot.ResourceTargetGuid = iat.ResourceTargetGuid
left join SecurityTrustee st on st.GUID = rot.TrusteeGuid
where rot.ResourceTargetGuid is null or st.GUID is null
group by p.Name
order by p.Name
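The summary above gives only a count per policy. The following drill-down is an added example, not part of the original article: it lists each affected target by name and separates the two conditions the WHERE clause tests for. It uses only the tables and columns that appear in the query above; the output column aliases and the Reason text are constructed for illustration.

```sql
-- Added example: one row per problematic policy/target pair.
-- Same joins and filter as the summary query, without the aggregation.
select
    p.Name                 as Policy,
    i.Name                 as [Resource Target],
    iat.ResourceTargetGuid as [Target Guid],
    rot.TrusteeGuid        as [Owner Trustee Guid],
    case
        -- No row in ResourceTargetOwnerTrustees: the target has no owner trustee recorded.
        when rot.ResourceTargetGuid is null
            then 'No owner trustee recorded for target'
        -- A row exists, but its TrusteeGuid has no match in SecurityTrustee.
        else 'Owner trustee not found in SecurityTrustee'
    end                    as Reason
from ItemAppliesTo iat
join Item p on p.GUID = iat.ItemGuid
join Item i on i.GUID = iat.ResourceTargetGuid
left join ResourceTargetOwnerTrustees rot on rot.ResourceTargetGuid = iat.ResourceTargetGuid
left join SecurityTrustee st on st.GUID = rot.TrusteeGuid
where rot.ResourceTargetGuid is null or st.GUID is null
order by p.Name, i.Name
```

A non-null Owner Trustee Guid that repeats across many rows indicates which trustee GUID the affected targets still point at.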
If your account is seeing these resource targets with lock icons, then the account can't use these resource targets.
We have the following documentation providing information on creating or modifying a resource target:
Creating or Modifying a Resource Target
Here are a few things to check/review:
In this instance, the Symantec Administrators' Security Role was cloned and the button to apply to targets was selected. Then the old Security Role was renamed to in 8.5 as part of the name (as seen in the screenshot above) and the new Security Role is named using the user's normal naming convention.
Note: With our ITMS 8.7.2 release, we added some small fixes in some areas around Security Roles and target functionality.
These were some of the behaviors that were fixed: