IT Management Suite

View Only

Limiting users access to run jobs on only specific devices

Nathan Kollman posted Aug 11, 2025 03:49 PM

Hello ITMS Community,

I have a small subset of users that has very limited access to our console for training/testing purposes. We would like to further limit their access by only allowing them to run their jobs and tasks against endpoints which we have pre-approved.

How would I go about assigning access so this group of users can only send jobs and tasks to specific computers in a group? They would not always send to every endpoint in the group each time, so I'm looking for an option that allows individual endpoint selection.

I need to persist the current environment setup if at all possible as I have many different groups of users that leverage this system in different ways to perform daily tasks. This is the first request I've gotten where limiting access beyond normal role controls is needed.

Thanks in advance,

Nathan

Broadcom Employee Igor Perevozchikov posted Aug 12, 2025 01:39 AM

Hello Nathan Kollman!

1. Here is an information about resources restrictions for appropriate security roles
https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewthread?MessageKey=70553223-92c3-4699-aada-52538b72c67b&CommunityKey=bf23126f-6eab-4bbe-965d-e26838c079e0&tab=digestviewer

2. Quick overview how to create limited scope of resources for restricted security role(s) within SMP Console:
Open SMP Console > Manage > Organizational views and groups

Create own custom Org view and custom Org groups under

Now we have custom Org view with some custom org groups where 1st org group contains some computers (approved for restricted security roles) and 2nd org group has some other resources (for example "User" resource)

Click on appropriate custom org group and add there required resources which will be accessible for restricted security role(s)

Now open "Security Role Manager"

Choose restricted security role(s) in "Role:" drop-down menu
Choose "Resources" in 2nd drop-down menu below

Now need to un-check all "Item Permissions" check boxes for selected root "Resource Management" folder and save changes
(Otherwise we are going to remove access to all "Filters" and resource types for this restricted security role(s))

Click "Refresh" in left pane to see what else is remaining for further Item permissions disabling

Now we need to add access to required custom Org view/Org groups and filter(s) for restricted security role(s)
Click "Add" button and click on "Organizational Views" in "Folder:" drop-down menu

Click on appropriate custom Org view(s) and add them to "Selected Items" list > click OK

Consider what type of task(s) can be allowed to run for this allowed devices for restricted security role(s) > save changes

Continue to add required filter(s) that will be allowed to see by restricted security role(s) in SMP Console
(Pay attention that if restricted roles should be allowed to see other resource type(s) in Console, then need to perform same steps to allow them see Software Components, command lines, packages, etc)

Now when everything is done, after logging to SMP Console under restricted security role, as we can see, I can only see allowed 4 computers where I can run tasks.

Although default Symantec Administrator role see all computers

Best regards,
IP.