Thank Igor!
Your instructions were perfect, managed to get the permissions I wanted without too much exposer.
Tnx,
Hagai
---------------------------------------------------------------------
A member of the Intel Corporation group of companies
This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
Original Message:
Sent: 1/13/2022 5:31:00 AM
From: Igor Perevozchikov
Subject: RE: Run Tasks permission from SMP (not "Symantec Administrators")
Hello Hagai!
1. Case when you see these two messages in opened task
Solution:
Find folder or required task in SMP Console -> right click on folder where tasks are in or just on required task -> open "Security Role Manager"
In opened Security Role Manager page, make sure that you have selected "Security Role" where your affected accounts are members
In tree you will see your required task, then click on it and make sure that "Read", "Write" and "Run Task" permissions are checked (save changes)
After this, another accounts who didn't have permissions for appropriate tasks, will be able to modify or schedule it
2. Another case, when non administrator security role tries to schedule script tasks but it doesn't work because of missed another permissions
As example of such case:
Solution:
In SMP Console, open "Settings" -> "Security" -> "Security Role Manager"
Once again, in opened Security Role Manager page (like on picture below):
- Choose affected "Security Role" from drop-down menu
- Choose "Resources" from drop-down menu:
- Find there "Computer" under "Default" organizational view folder -> click on it and check "Run Script" permission checkbox
Save changes.
Best regards,
IP.
------------------------------
[JobTitle]
[CompanyName]
[State]
------------------------------
Original Message:
Sent: Jan 11, 2022 10:20 AM
From: Hagai Nachmani
Subject: Run Tasks permission from SMP (not "Symantec Administrators")
Hi Experts,
I wish to grant a few contacts the ability to right click on a filter group, or a target machine and run tasks that were created by admin user that installed the SMP (ITMS 8.6 RU1).
I know that if I grant those contacts permission by adding them to the "Symantec Administrators" than it works, but i dont wont to grant such a broad over extensive permissions.
I've went over all permissions options to grant just that, but no luck.
Could some please tell me what are the exact permissions that grant such actions?
I want to be able to see this from a task / job view:
and not this:
Could you please explain and demonstrate which tags to choose to be granted such options?:
I want them to have an option to run a task that previously was created by me, or by Admin, but unless i choose "Symantec Adminsitrators", they can only see the default list, and even then, they can't run it.
i've used this KB as a reference, and still didn't got anything:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/it-management-suite/ITMS/Administration/Configuring-Security/Security-Privileges-and-Permissions/security-permission-categories-v14292761-d846e56321.html#v14292761
Please Help,
Tnx,
Hagai