cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Permission Set vs. ePO Administrator

I want to use our Domain-Admin Group from Active Directory to authenticate in ePO. For that I created a new Permssion Set and allow everything. I added the Domain-Admin Group and now I can login with domain\aduser. But I do not have all permissions like the local ePO Admin. e.g. editing permission sets or add users. Is there no real "Global Admin" permission set who can do everything?

7 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Permission Set vs. ePO Administrator

No, a global admin does not need a permission set because it has permissions to everything.  You would have to set up your domain admin account as an account in epo with global admin rights, not as a permission set.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Permission Set vs. ePO Administrator

Thanks for your reply. I don't want to add a single user from AD. I want to add a group from AD. In fact I want to manage ePO Admins with AD, not with ePO. Can I add an AD Group to ePO and assign Global Administrator rights?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: Permission Set vs. ePO Administrator

The only way to add a group from AD is through permission sets, which is not possible for a global admin.  Permission sets are for users other than global admins, but have the ability to add AD user groups.  You would need to submit that as a PER  - see KB60021.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Permission Set vs. ePO Administrator

Permission set with EPO

we also want to manage Administrator via AD group membership mapped to the permission sets

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 8

Re: Permission Set vs. ePO Administrator

You can do that with permission sets, but anyone using a permission set will never have full global admin rights, no matter what permissions you set in them.  Global admins don't use permission sets.

https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-1AEFA219-0726-409...

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Permission Set vs. ePO Administrator

that's the whole point we want full global admin rights by AD groups

if you cant do the work without being full admin - then the other permission sets are null and void.

if you cant add new extensions, new software, set and modify policy - then the permission sets do not help

" will never have full global admin rights, no matter what permissions you set in them. Global admins don't use permission sets. "

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: Permission Set vs. ePO Administrator

I would suggest raising a product enhancement request to request that feature, as I am sure others would benefit from it.  See KB60021.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community