KNOWN ISSUE: Disabling 'Enable Policy' permission is not respected for the Security Roles
Last Updated February 23, 2016
This has been resolved in all versions 7.1 and greater.
In the Security Role Manager, there is a section of permissions titled "Policy Permissions". This section has two permissions, "Enable Policy" and "Apply to Resource Target".
As the customer observed, "Enable Policy" never functions as expected: even when it is unchecked, any user can still enable any policy.
Here is an example of this issue (provided steps to duplicate):
The 'Enable policy' permission for 'Altiris Agent Settings - Targeted' page (inherited from any parent folder) appears to have no effect on whether or not a role can disable/enable a policy in this page. Furthermore, when I removed the 'Write' permission to this page, I can still enable/disable the policies and click the greyed out 'save changes' button in the UI, but doing so will cause a 'The User does not have required permission to save item...' server
Steps to duplicate:
1. Go to Settings > Security > Role and clone the Symantec Administrator role.
2. Open the Security Role Manager for the cloned role, and select 'Settings' in the View dropdown.
3. In the Root folder 'Settings', disable the permission 'Enable Policy' and 'Write'; the 'Altiris Agent Settings - Targeted' page should inherit these permissions.
4. Log in to NS as a user with the cloned security role.
5. Navigate to Settings > Agents/Plug-ins > Targeted Agent Settings.
6. Select a policy from the left menu; all fields should be greyed out, but the policy on/off switch is still enabled.
7. Turn on a policy and click 'Save Changes'.
This issue has been fixed with SMP 7.0 SP5
Symantec Management Platform 7.0.7270 SP3
ID: ETK 1593317
Logged in Etrack (Symantec) database
Imported Document ID: TECH122137