How do I create and define a security role for scoping in Patch Management
search cancel

How do I create and define a security role for scoping in Patch Management

book

Article ID: 179650

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

How do I create and define a security role for a specific user for Scoping?

Environment

ITMS 8.x

Resolution

Follow these scoping steps to help the customer define these limited roles:

·         Create a User and provide a password using ‘Local Users and Groups’ for the computer.

·         In the Console go to Manage>Organizational Views and Groups

Ø  Right-click on Organizational views node.

·         Select New -> Organizational view from context menu.

Ø  Rename new organizational view (optional)

·         Click new organizational view to select

Ø  Right-click on new organizational view.

§  Select New -> Organizational Group from context menu.

§  Rename new organizational group (optional)

·         Click new organizational group to select

Ø  In the right hand panel click Add and select Computers

Ø  In pop-up window select ‘Available resources:’ and move them to ‘Selected resources:’ so they will be viewed in this new organizational view.

Ø  Click OK

·         Go to Settings >Security>Roles

Ø  Right-click on Security Roles node.

Ø  Select New -> Security role from context menu.

Ø  Provide name for the new role and click OK

·         Highlight new security role in the left tree panel

Ø  In right hand panel click Membership tab and add previously created user to the role.

§  Click ‘Add’ (plus sign)

§  Select User

§  Local computer or Domain

§  Starts with: (Type New User name created at the beginning)

§  Click ‘Find’

§  Once found click OK

·         Click the General tab and click ‘Show Security Role Manager Console’ button

Ø  From ‘View:’ dropdown selector, select Console menu

§  Click Edit icon (pencil sign)

§  Select (check) Console items to be viewed by this security role. (Note: if you don't select any, then the User won't be able to open the Console at all).

§  Save changes

§  Set Noninherited Permissions - Folder and System

§  Save changes

Ø  From ‘View:’ dropdown selector, select Resources

§  Click button Edit (pencil sign)

§  Click your custom organizational view in Resource Management -> Organizational views. (Note: if you select Default, then User will be able to see all computers)

§  Save changes

§  Set Noninherited Permissions - Folder, System, Resource Management and Task Server

§  Save changes

(If you need to verify Reports' scoping functionality, complete the following steps)

Ø  From ‘View:’ dropdown selector, select Reports

§  Click button Edit (pencil sign)

§  Select required reports to be viewed by User

§  Save changes

§  Set Noninherited Permissions - Folder and System

§  Save changes

Ø  Close the Security Role Manager Window

Ø  Back on the Created User Role click ‘Save changes’

·         Verify that the option to select 'Software Bulletin' is selectable for this role

Ø  Manage > Organizational Views and Groups > Highlight ‘Default’

Ø  In the right screen click the 'Filter...' button (top right corner)

§  Scroll down until you find 'Software Bulletin' (about half way down)

§  Select to place a check mark

§  Click OK

·         Open the Console on a remote machine with User credentials, or login to the current machine with User credentials and open the console.

·         Verify that the User can see only allowed items and in the Organizational Views and Groups screen, there should only be computers that the User should see.