In April 2018, Symantec launched a new Entitlement Management Capability called the Account Based Entitlement View (ABEV), located within the My Products tab in MySymantec.
Customers can now see all their entitlements listed under the account that they were purchased as well as gaining access to their software and licence keys without having to register any serial numbers.
Resellers & Partners can now see all entitlements that they resold to their end customers enabling more on time renewals.
The Partner Permissions capability determines what Resellers & Partners can view in their ABEV, which is dependent on the relationship with their end customers. This document will explain these access permissions.
Customer Purchase Cycle
In the example customer cycle shown below, Bill @ Acme Inc purchases a licence for Symantec Endpoint Protection (SEP) via Reseller Skynet. Symantec fulfills the order by sending the welcome letter (which contains the serial number) and the licence key of the newly purchased asset to the appropriate contacts.
Contacts listed under the ‘End Customer’, ‘Ship To’ and ‘Reseller’ accounts on the order will be automatically provisioned in MySymantec enabling them to see the newly purchased asset in their ABEV. The contact will then need to create a Symantec Single Sign On account (also known as an NSL account) with their email address before accessing MySymantec.
Other contacts associated to those same accounts in MySymantec will also be able view the asset in their ABEV.
Typically, a reseller contact will see the following assets in their ABEV
All assets purchased for the resellers’ end customers – these will appear under the end customer’s account name in the ABEV
All assets purchased by the reseller for their own use – these will appear under the reseller’s own account name in the ABEV
This is illustrated by the diagram which shows the ABEV of a reseller contact for orders transacted by that reseller on behalf of their end customers. In the example, Skynet have transacted the following orders
Assets for end customers: Acme Inc (serial #1, #2, #3), Farm Foods (serial #4) and Globex Corp (serial #5).
Assets for themselves: Serial #6, #7, #8
As a result, a reseller contact will see all the above entitlements in their ABEV grouped under the appropriate accounts. An example ABEV is for a reseller contact is shown below:
Each account site and its corresponding asset are displayed in the ABEV i.e. Acme Inc has three serial numbers, Farm Foods and Globex Corp have one serial number each and SkyNet also has three serial numbers (purchased for its own internal use).
The ABEV for a reseller will only show assets purchased on orders between an end customer and the reseller.
In the example above, Acme Inc may have purchased entitlements from other resellers however these will not be visible in the ABEV for Skynet contacts.
Similarly, the ABEV for other resellers who have sold products to Acme Inc will not show any Skynet related products.
Hardware/Software Support for an Asset
An end customer has two options for supporting the hardware and software elements of an asset:
Direct support provided by Symantec
Secure One Support provided by an appropriate support provider
Each option has a set of access permissions that determine who can view that asset and what type of transactions they can carry out via their ABEV.
Direct Support Access Permissions
The following table details the access permissions for an asset with direct support from Symantec
For direct support, an End Customer contact has complete access to all ABEV capabilities whereas the ‘Bill To’ account contact has none.
At the same time, the Reseller and ‘ShipTo’ account contacts can only carry out the following:
View the entitlements in their ABEV Download software, generate licence files. Add-Ons/Upgrades/Appliance Swap/Content download and support case management
For Japanese customers with direct support, only the End Customer contact has complete access to all ABEV capabilities. The ‘Reseller’ , ‘Ship To’ and ‘Bill To’ contacts have no visibility.
Secure One Partner Support Access Permissions
For hardware appliances with Secure One Support, the support partner has complete access to all ABEV capabilities since it is their responsibility to provide all support for the appliance.
The end customer can only carry out the following:
View the entitlements in their ABEV
Download software, generate licence files, perform Add-Ons/Upgrades and carry out a Swap
Download content for appliances
The ‘ShipTo’ , ‘Bill To’ contacts do not get any access to the appliance i.e. they do not see the asset in their ABEV.
The Reseller contacts will not see the asset in their ABEV if it has hardware support from a Secure One Support Partner (SOSP)
The permissions are the same for Japanese customers with Secure One Partner Support – this contrasts with the permissions for Japanese customers with direct support as detailed in the previous section.
Partner Permissions – customer example
Looking at scenario at the start of the document, Acme Inc have purchased a Proxy SG appliance (serial #1) via the reseller Skynet Inc together with software support provided by Proton Corp and hardware support provided by Neutron Inc
For this scenario, the access permissions for each contact is as follows:
Bill (End Customer) can perform the following:
view the entitlements in their ABEV
Download software, generate licence files, perform Add-Ons/Upgrades BUT NOT a Swap since this is the responsibility of the hardware support provider Neutron Inc
Download content for appliances
Fred (Software support provider) has access to all ABEV capabilities except perform a Swap of the appliance (this is the responsibility of the hardware support provider Neutron)
Joan (Hardware support provider) has access to all ABEV capabilities including the ability to perform a Swap
Mary (Reseller) can only view the entitlements in her ABEV – note if hardware support was provided by a Secure One Service Provider then Mary would not be able to view the entitlement in her ABEV.