Asset Management Suite

Hello,

I have created an account for a user to login to our Altiris console but I only want this user to meanly run reports and run tasks/jobs that I have already created. I don't want them to be able to edit these but simply execute them. Here's an example: I created a task to reset password to xyz for the user John. I would this account to be able to locate this password reset script and use Altiris to run/execute this task on whichever computer they choose but I do not want this account to be able to create new tasks and jobs or edit them. How wudl I accomplish this? I'm running 8.5 RU3

Hello Sid9678!

As far as I understood, this restricted account should not see main "Asset Management" page?

If this restricted account should not be able to create/modify reports, jobs or tasks, and just run reports and schedule existing jobs or tasks for managed client computers, then you can use **** way:

1. Clone existing default "Symantec Level 1 Workers" role and thee in this cloned role this restricted account

2. On "Roles" page, click on your cloned role and go to "Privileges" tab.
Check "Schedule Task", "Start Task" and "Stop Task" privileges and save changes

3. Open "Security Role Manager" page and choose there your cloned "Role"
Choose "Resources" > click on "Resource Management" root folder and check "Run Script" check box > save changes

---// If you want to allow this restricted Role/Account to schedule not only "Script" tasks but also "Power Control" or "Service Control" task types, then check also "Run Power Control" and "Run Control Service State" checkboxes.

4. In "Security Role Manager" page for cloned restricted role, choose "Tasks" in view and check "Task Server Permission" Run Task permission for example on each required task separately or if you want to allow all existing task to run by this restricted Role, then you can click on root "Tasks" folder and check Task Server Permission" Run Task permission > Save changes.

5. If you are using "Password Management" task from "Real Time Console Infrastructure" solution, then you will need to enable privileges for this restricted account to allow "Password Management" task task

Best Regards,
IP.

Original Message:
Sent: Feb 10, 2022 03:54 PM
From: Stavly Sanchez
Subject: User Accounts

Hello,

I have created an account for a user to login to our Altiris console but I only want this user to meanly run reports and run tasks/jobs that I have already created. I don't want them to be able to edit these but simply execute them. Here's an example: I created a task to reset password to xyz for the user John. I would this account to be able to locate this password reset script and use Altiris to run/execute this task on whichever computer they choose but I do not want this account to be able to create new tasks and jobs or edit them. How wudl I accomplish this? I'm running 8.5 RU3