1 of 1 people found this helpful
Hi mattwod, you can assign different permission sets to them so they can only see their specific system tree but you won't be able to set them see only their own policies because on ePO you can set permissions by product but not by policy owner
Thanks for the response, I just need a little clarification please...
So all administrators can see and use all policies? But only policy owners can edit the policies they own?
When you say I can set permissions by product does that means I could set permissions so that an administrator could either not see any policies or I can set it so he could see all policies? (But I cannot set permissions that would allow him to see some but not others)
So I would have 2 SUBtrees right? and I can assign permissions and access to those in such a manner that Admin_B would not even see the Division_A Subtree, or that person would see the Directory and it would be empty?
McAfee ePO Tree
| Division_A Systems: (Only Admin_A can see these systems and systems within the tree)
| Division_B Systems: (Only Admin_B can see these systems)
Other Systems: (Both Admins can see these systems)
Thanks again, really appreciate the quick response!
By default Global Administrators would have visibility into everything and are not effected by other permission sets.
You can configure a permission set for each product that you have and assign someone full rights for the policies for that product and they would be the only ones aside from the Global Admins that would have access to those policies.
You can also configure a permission set to restrict who has visibility into each point product (i.e VSE, HIPS, HDLP).
Additionally for the two Divisions you have listed above, you would need to create two permission sets and under the System Tree Access field, grant them only access to their respective container. only the user assigned to that permission set would be able to see the systems contained within.
Also you can have one person assigned to multiple permission sets if need be.