Role Based Access Question

Hey guys,

I've created a service desk role in CM12 which allows the members to run reports, remote control machines and modify resources and collections.

In CM07 I was comfortable with these guys having this level of access as it wasn't the easiest thing for them to add multiple devices erroneously to a collection.

In CM12 I fear that one of the guys is going to right-click a device collection (i.e. All Systems), "add items to existing collection", and add all the items in there to a Photoshop CS6 collection or something like that.


Why is this button available so easily!?


I thought that with RBA I would be able to hide All Systems and collections like that from view using scopes etc to circumvent instances like this (sadly not the case).



Does anyone have a solution or way round this, or am I missing something really simple?



Hey! Thanks for that but that's not quite what I'm looking for.


I basically want to *remove* from my Service Desk role the ability to add one collection to another collection using the "add items to existing collection" button.


In the example above the functionality is still available for them to add for instance "All Desktops" to "Photoshop CS6" etc.


Anyone have any ideas?

I took another run at this and no joy.

I've got two roles:

SDREADER: which had NO "modify" permission.
SDMODIFY: which has "modify" permissions.

I assigned them both to the "MYDOMAIN\sdgroup" administrative user.

Then in security scopes I have:

Associate assigned security roles with specific security scopes and collections.

There I modify the security roles so that:

SDReader: Assigned to "All Systems" Collection and Default scope.
SDModify: Assigned to "Photoshop" Collection and Default scope.

I would expect that this would allow "MYDOMAIN\sdgroup" to navigate collections as normal but not allow "add selected items" or "add resource" anywhere other than the "Photoshop" collection where the permissions would be available.

Am I on the right track here, or have I totally missed something?
