Good morning Pablo Llorente!
Could you please provide information:
1. How this security role was created? Cloned from default "Symantec Administrators" role or from any other default role?2. What restrictions has this affected security role? Otherwise this role can see all default Org Views/Org groups and resources
For example, how looks accessible Org groups, resources for this Role
3.Pablo Llorente: We have removed the accounts and created them again and the problem has been solved.IgorP: Looks like I'm too late.. Would be useful to check where Accounts were "Member of" other Security roles
For example, check "Member Of" and "Members" tab for affected Security role
Also check "Member Of" for affected "Account"
This case isn't same as described here https://community.broadcom.com/symantecenterprise/discussion/filters-new-computers-and-installed-agent#bm9ff586e8-25b8-410f-b707-8d0b2e745364 ?
Hi Pablo Llorente!
Many thanks for detailed information in attached .pdf file.
I can't reproduce this problem. All custom roles cloned from "Symantec Level1 Workers" or "Symantec Administrators" role, set same permissions for same Items, resources (like it is shown on pictures from attached .pdf), after upgrade from 8.6 RU2 to 8.6 RU3 release, all custom roles (accounts in) have same permissions and see only allowed Items, Resources, Filters in SMP Console.
Assume that maybe these affected accounts/other roles were added in not required "Security Role" therefore they saw all other items in console.Please check "History" for affected accounts and roles
Example, when you right click on account or role to see "Resource Change History"
PL: As I commented, I removed those accounts and created them again, so nohistory is available. In any case, I dont have the same menu as you, I donthave the "CMDB Functions" when I right click over an account.
IP: Yes, I remember that those accounts were removed to fix main problem with permissions.
Seems like you are using "Client Management Suite", therefore there is no "CMDB Functions" available via right click menu in Console.You can install "Altiris CMDB Solution" product (it doesn't require license nodes to use it)As example if there is CMS 8.5 RU4 installed and user wants to install "Altiris CMDB Solution" product.
So in future if similar case will appear, you can check "Resource Change History" via right click on affected account(s) or Role(s) to identify what is changed, when and who changed.
PL: Is there any log available that is created during the upgrade that we could check?IP: During upgrade there is such information about separate account or role but if you had "Verbose", "Trace" log level enabled, then you can try to find all related logs for affected account from Altiris Log Viewer on SMP Server.
For example all logs related to my account- "Verbose" and "Trace" log level was enabled so all current NS logs can show me information for required Account changes
Choose "All" existing log files to check (or for some days ago)
Specified affected "Account" name to show logs only where this account involvedBest Regards,IP.