How to give access to the Resource Manager
search cancel

How to give access to the Resource Manager

book

Article ID: 180424

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Question
How can I enable access to Resource Manager or assign specific permissions to them so certain users and roles can or cannot access them?

When a User belongs to a Security Group and does not have permission to load Resource Manager, the following message will be displayed:

"Permission to view this resource is denied"

or if the User doesn't have permission to see some of the Resource Manager menus, like the "Summaries" menu,

entries like this one may be logged in the NS logs:

Page '/Altiris/PatchManagementCore/Resources/SoftwareUpdateSummaryMain.aspx' with GUID 'b968001b-6785-4337-9797-142d8d91f1b7' hasn't permission for read. More likely parent folder '1623fca1-2c3a-4c5f-b6e0-e631956758b5' hasn't permission for read.

-----------------------------------------------------------------------------------------------------

Date: 12/22/2020 12:19:37 PM, Tick Count: 2583543546 (29.21:39:03.5460000), Size: 535 B
Process: w3wp (21564), Thread ID: 581, Module: Altiris.PatchManagementCore.dll
Priority: 1, Source: Altiris.PatchManagementCore.PatchManagementPage.PageCheckPermission

Environment

ITMS 8.x

Resolution

Answer
The menus on Resource Manager are not like those on SMP Console—there is not a specific switch that allows or blocks access to them in case that the Security role should not have access to them.

Resource Manager has multiple components that are hidden by default. In order to give "Read" permissions to them:

  1. Open Security Role Manager (SMP Console>Settings>Security)
  2. Select the desired Security Role under the "Role" drop-down list. In this example, we will use a group called "RMusers" which was created previously under SMP Console>Settings>Security>Account Management>Roles.
  3. Under the "View" drop-down, select "Settings". Since you need to give access to "Hidden Console Elements" and it is hidden by default, click on the "glasses" icon to display those hidden elements.
    Note: on early versions, we had to manually make "visible" this folder. See KB 161257 "The current user does not have required permission 'read' to load item: Resource Manager Dashboard Console Menu"
     
  4. The menus displayed in the Resource Manager


    correspond to the objects under "Hidden Console Elements":
    "Resource Manager Console Menu" folder
    "Resource Manager Dashboard Home Menu Items" folder
    "Resource Manager Dashboard Summary Menu Items" folder
    "Resource Manager Dashboard View Menu Items" folder



    Give "Read" permissions under the "System Permissions" section for each of the folders listed above. Save the changes.

The menus on Resource Manager are based on what Data Classes, Resource Types, Reports, Policies, and Tasks that Role can see. You will need to give "Read" permissions to the following portions as well:

  1. Computer Resources.
    1. While having your Security Role selected under the "Role" drop-down list, select "Resources" under the "View" drop-down list.
    2. Click the "Add" icon.



    3. On the "Add Permissions" window that just opened, Go to Resource Management>Organizational Views>Default>All Resources>Asset>Network Resource click on the "Computer" folder and click on ">" to add it to the "Selected items" section. Click OK.
    4. Select the "Computer" folder and give "Read" permissions under the "System Permissions" section. Save the changes.
      Note: Sometimes you may need to select "Read Resource Association" and "Read Resource Data" under the "Resource Management Permissions" options.



  2. Filters.
    1. While having your Security Role selected under the "Role" drop-down list, select "Resources" under the "View" drop-down list.
    2. Click the "Add" icon.
    3. Use the same steps as mentioned in the previous step 1 and Go to "Resource Management>Filters"

    4. and click on the "Filters" folder and give "Read" permissions under the "System Permissions" section. Save the changes.
      Note: You can start with all Filters and come back later and just give "Read" access to specific ones as needed.



  3. Policies. 
    1. While having your Security Role selected under the "Role" drop-down list, select "Policies" under the "View" drop-down list.
    2. Click the "Add" icon.
    3. Use the same steps as mentioned in the previous step 1 by adding the "Notification Server>Policies" folder and clicking on the "Software" folder and giving "Read" permissions under the "System Permissions" section. Save the changes.
      Note: You can start with all Policies and come back later and just give "Read" access to specific ones as needed.




  4. Reports.
    1. While having your Security Role selected under the "Role" drop-down list, select "Reports" under the "View" drop-down list.
    2. Click the "Add" icon.
    3. Use the same steps as mentioned in the previous step 1 by adding the "Notification Server>Reports" folder clicking on the "Reports" folder and giving "Read" permissions under the "System Permissions" section. Save the changes.
      Note: You can start with all Reports and come back later and just give "Read" access to specific ones as needed.


  5. Data classes. 
    1. While having your Security Role selected under the "Role" drop-down list, select "All Data Classes" under "View" drop-down list.
    2. Click "Add" icon.
    3. Use same steps as mentioned in the previous step 1 by adding "Resource and Data Classes Settings>Data Classes" folder and Click on "Data Classes" folder and give "Read" permissions under "System Permissions" section and "Read Resource Data" under "Resource Management Data" section. Save the changes.
      Note: You can start with all data classes and come back later and just give "Read" access to specific ones as needed. If you want to disable a specific option to be shown to that Security Role, try to identify the proper data classes associated to the desired tab and remove the Security Role from it.



  6. After giving "Read" permissions to the main components:
    1. While having your Security Role selected under "Role" drop-down list, select "All Items" under "View" drop-down list.
    2. Select Policies>Software folder and give the following permissions under these sections:

      (Report Permissions)

      *Run Reports

      (Resource Management Permissions)

      *Read Resource Data
      *Read Resource Associations

       




    3. Select "Reports" folder and give the following permission under this section:

      (Report Permissions)

      *Run Reports

    4. Select "Settings>Notification Server>Resource and Data Classes Settings>Data Classes" folder and give the following permissions under these sections:

      (Report Permissions)

      *Run Reports

      (Resource Management Permissions)

      *Read Resource Data
      *Read Resource Associations



    5. Save changes and test your User after these settings.
Powered by Wolken Software