How do I create and define a security role for a specific user for Scoping?
ITMS 8.x
Follow these scoping steps to help the customer define these limited roles:
· Create a User and provide a password using ‘Local Users and Groups’ for the computer.
· In the Console go to Manage>Organizational Views and Groups
Ø Right-click on Organizational views node.
· Select New -> Organizational view from context menu.
Ø Rename new organizational view (optional)
· Click new organizational view to select
Ø Right-click on new organizational view.
§ Select New -> Organizational Group from context menu.
§ Rename new organizational group (optional)
· Click new organizational group to select
Ø In the right hand panel click Add and select Computers
Ø In pop-up window select ‘Available resources:’ and move them to ‘Selected resources:’ so they will be viewed in this new organizational view.
Ø Click OK
· Go to Settings >Security>Roles
Ø Right-click on Security Roles node.
Ø Select New -> Security role from context menu.
Ø Provide name for the new role and click OK
· Highlight new security role in the left tree panel
Ø In right hand panel click Membership tab and add previously created user to the role.
§ Click ‘Add’ (plus sign)
§ Select User
§ Local computer or Domain
§ Starts with: (Type New User name created at the beginning)
§ Click ‘Find’
§ Once found click OK
· Click the General tab and click ‘Show Security Role Manager Console’ button
Ø From ‘View:’ dropdown selector, select Console menu
§ Click Edit icon (pencil sign)
§ Select (check) Console items to be viewed by this security role. (Note: if you don't select any, then the User won't be able to open the Console at all).
§ Save changes
§ Set Noninherited Permissions - Folder and System
§ Save changes
Ø From ‘View:’ dropdown selector, select Resources
§ Click button Edit (pencil sign)
§ Click your custom organizational view in Resource Management -> Organizational views. (Note: if you select Default, then User will be able to see all computers)
§ Save changes
§ Set Noninherited Permissions - Folder, System, Resource Management and Task Server
§ Save changes
(If you need to verify Reports' scoping functionality, complete the following steps)
Ø From ‘View:’ dropdown selector, select Reports
§ Click button Edit (pencil sign)
§ Select required reports to be viewed by User
§ Save changes
§ Set Noninherited Permissions - Folder and System
§ Save changes
Ø Close the Security Role Manager Window
Ø Back on the Created User Role click ‘Save changes’
· Verify that the option to select 'Software Bulletin' is selectable for this role
Ø Manage > Organizational Views and Groups > Highlight ‘Default’
Ø In the right screen click the 'Filter...' button (top right corner)
§ Scroll down until you find 'Software Bulletin' (about half way down)
§ Select to place a check mark
§ Click OK
· Open the Console on a remote machine with User credentials, or login to the current machine with User credentials and open the console.
· Verify that the User can see only allowed items and in the Organizational Views and Groups screen, there should only be computers that the User should see.