1 Reply Latest reply on Aug 26, 2010 9:29 PM by jstanley

    Need help with permission sets

      I am trying to give access to a tech to "create/edit a system task" that runs a "Query" and "assigns a policy" to the result set of machines.

      I am able to perform these steps as a Global Admin so I am turning this over to one of the techs to perform.

      I created a new permission set for this and gave full access to Queries, Server Tasks, Policy Assignment Rules, assuming that this would be enough.

      The tech already has system tree access from another permission set.

       

      The result is that this tech can:

      -> see all the server tasks and create new ones but not edit the existing ones that i created, which is fine.

      -> add the shared query to a new the system task, fine

      -> select a list of some subtasks ... not fine, not all the ones show up, including the one I want which is "assign policy"

       

      anyone know which permission set assignment I am missing, or if this is possible to do? i'd hate to have to assign the tech Global Admin just for this procedure.

        • 1. Re: Need help with permission sets
          jstanley

          Did you give the tech permissions to change any product policies?

           

          As a test I setup a permission set with permissions to the following:

          • Queries
          • Server tasks
          • Systems
          • System Tree access
          • VirusScan Enterprise 8.7

           

          After that I was able to create a task that runs the duplicate systems report and assigns a VSE policy to the results. I noticed you gave the  Policy Assignment Rules permissions which is actually used for user based policies. If you want the tech to be able to modify the policies for VSE 8.7 for example you would have to give him permissions to VirusScan Enterprise 8.7 in the permission set.