Solution: Permission Set to allow Editing Policies
I wanted a permission set that allowed an ePO user to edit policies without opening the flood gates. I'm posting this, not because i have a question (this is providing a solution) but because I struggled to find a precise answer to this.
I created a test epo user (JoeBob) that has no permissions to anything (including system tree, software, etc). I removed all of their permission sets.
Created a new permission set called "Edit Policies" that only included the following:
Endpoint Security Web Control (I chose Web Control for this example)
For Policy, set it to View and change settings > Save
Policy Catalog > change Product to the policy you want (I changed it to EndPoint Security Web Control to display it)
for the policy you want JoeBob to be able to edit, under the Owner column, click on the Administrators link and check the box for JoeBob > then Save.
User - JoeBob - refreshes their ePO console (if they are logged in) and they will have rights to edit the Web Control policies.
That is all you need. Very minimal.
This worked on ePO 5.9.1 and ePO 5.3.2. 🙂
Idea: You can have a Permission Set for each policy or one set that grants permissions for all of them.