This document is intended to provide information that will help make the permissions and privileges existing roles have more transparent.  Making it possible to better understand what is needed for specific scenarios.

The following sections are provided to help here.

• Matrix that shows all permissions and privileges assigned to out-of-the-box roles
• Script that can be run in SQL or as a report that will create a matrix that includes Custom Roles
• Links to Security Role related KB's that can help provide a better understanding of the SMP Security
• Links to KB's that cover common scenarios

Matrix for Permissions and Privileges

The attached file "Privileges and Permissions per role.xlsx" contains the following:

• Privileges - Shows All Security Roles and the Privileges assigned to them.  Grouped by the Display group they are displayed in
• Folder Permissions - Shows All Folders grouped by the folder path, where any permissions are specifically assigned.  It does not show inherited permissions
• Item Permissions - Shows Items that have security applied specifically to them by role, grouped by the path to the Item.
• Permission list - List of all possible permissions, with a description and the associated GUID
• Privilege list - List of all possible Privileges, with a description and the associated GUID 

NOTE: There are filters at the top of each column that make it possible to limit the results to more usable amounts of data.

The following screenshot shows how easy it is to see the Management Privileges assigned to each role.

Script to create the Matrix

The attached "Security Matrix builder for Permissions and Privileges.sql" file has four sections, to see similar data for a different version or to include custom roles in the matrix

• Get matrix for Privilege role comparison
• Get matrix for Permission role comparison of Folders or Items
• Get Permission list
• Get Privilege list

Security Role information KB's & Documentation

• 181487 - Common references on Security Roles and Permissions
• 169642 - Troubleshooting missing permissions for Security Roles
• 170435 - "Task Types" tree not visible in Security Role Manager for custom roles.
• Creating and Configuring Security Roles
• Assigning Privileges to a Security Role
• Adding Members to a Security Role
• Assigning a Symantec Management Platform User Account to a Security Role
• Adding Security Roles as Members of Other Security Roles
• Assigning Security Permissions to Folders and Items
• Customizing Permission Inheritance
• Predefined Security Roles

Common Custom role KB's

• 181908 - How to create a custom security role for assets
• 181049 - How do I add the ability to perform Patch Management Admin processes to an existing canned user?
• 161257 - The current user does not have required permission 'read' to load item: Resource Manager Dashboard Console Menu
• 181462 - How to create a Security Role that can see the content for "Add Custom Criteria" while adding a "Custom Search Criteria" in Activity Center
• 171861 - Scope with Security Roles to manage Workstations and Servers