McAfee EPOLICY ORCHESTRATOR 3.6 - WALKTHROUGH GUIDE Manual page 23

®
ePolicy Orchestrator 3.6 Walkthrough Guide
Global administrators can use the console to deploy agents and security products,
change agent or product policies, create and run client tasks for updating DAT files or
performing on-demand scans for any node in any site in the Directory. In addition, only
global administrators can perform certain server-based functions.
Only global administrators can perform the following repository management
functions:
Define, edit, or remove source and fallback repositories.
Create, change, or delete global distributed repositories.
Export or import the repository list from the server.
Schedule or perform pull tasks to update the Master Repository
Schedule or perform replication tasks to update distributed repositories
Check packages into the master repository, move packages between branches, or
delete packages from the master repository.
Only global administrators can perform the following server management functions:
Change server settings and work with server events.
Schedule Synchronize Domains server tasks.
Verify the integrity of IP management settings, or change site-level IP subnet masks.
Add and delete user accounts.
View and change all options on all tabs in the
Orchestrator authentication.
Import events into ePolicy Orchestrator databases and limit events that are stored
there.
Create, rename, or delete sites.
Site administrators
Site administrators have read, write, and delete permissions and rights to all operations
(except those restricted to global administrator user accounts) for one or more
products, and one or more sites in the Directory.
Site administrators can use the console to deploy agents and security products, change
agent or product policies, create and run client tasks for all groups or systems within
their sites in the Directory (for products to which they have permissions). Site
administrators can also run reports, but the reports show only data on systems located
within their sites. The site administrator is able to see, but not change, other sites in
the Directory.
Best practices information
Create site administrator accounts if you have a very decentralized network with no
single global administrator account or where different local administrators have local
control over their parts of the network. For example, your organization may have sites
located in different cities or countries, and these sites may have local IT or network
administrators with rights to install and manage software on systems in that part of the
network.
You can also create site administrator accounts if you have administrators who you
want to only have ePolicy Orchestrator permissions to specific products.
ePolicy Orchestrator Directory: concepts and roles
Events
dialog box, if using ePolicy
20
Organizing the Directory and Repositories
3