When you (the administrator) perform the following actions, you expect to be allowed to add the domain user or group under the Members tab:
After performing these actions, however, you are unable to select any domain users or groups. You are only given the option to select Accounts or Roles.
Another Use Case:
So, what we did is the following:
However, when he logs into the SMP Console using his user account (which is a member of the 'Testing\Domain Users'), the customer only sees the top menus but he get access denied in any of the left tree views.
8.x
This is expected behavior.
Role memberships are managed as resource associations between Roles and Trustees (Roles and Accounts). Only managed Roles or Accounts can be added as members of a security role.
To support the Symantec Management Platform scenario where you want to add a user or a domain group to a security role, perform the configuration steps below:
1. Configure an Active Directory import rule to import the domain group.
a) Go to SMP Console>Actions>Discover>Import Microsoft Active Directory
b) Use or create a 'Role and Account' AD Import rule.
c) Select the Domain Group (in this case it should be a Security Group for it in AD) and run the AD Import
This creates a Symantec Management Platform Role/Account for the domain group/user. Members of the domain group are created as either Roles or Accounts.
2. Add the new role created by step 1 to the appropriate Security Role.
For example, if you want to add a domain group named "Testers" to the Symantec Management Platform role, do the following:
1. Configure a 'Role and Account' AD Import rule to import the "Testers" domain group.
This creates a new Role named Testers. The new role contains all of the members of the "Testers" domain group.
2. Add the new "Testers" role to the Symantec Management Platform role, for example the Symantec Administrators role.
a) In the SMP Console, go to Settings>Security>Account Management.
b) Under the treeview>Account Management, click on 'Roles'
c) Find the "Testers" Domain Group Role created from your 'Role and Account' AD Import rule
d) Under the 'members' tab you should see all the users and other groups that are associated to that " Testers" Group role
e) Under 'Members Of' tab, add the Security Role desired.