Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 Installation Manual page 51

After the Management Console is installed, all user groups within the domain are granted full
permissions. The resource user should remove permissions from all but the groups and users who
should have access. The resource user can set additional permissions for the designated users. The
permissions granted have the following results:
Management Console Access: The user can view policies and components, and edit existing
policies. Users granted only this privilege are not permitted to add or delete polices and the
publish and permissions options are unavailable.
Publish Policy: The user can publish policies only to assigned users and groups.
Change Permission: The user can access and change permissions settings for other users that
have already been defined, or grant permissions to new users.
Create Policies: The user can create new policies in the Management Console.
Delete Policies: The user can delete any policy in the Management Console.
NOTE: For security purposes, only the resource user or very few administrators should be granted
the Change Permission and Delete Policies permissions.
The following sections contain more information:
"Configuring Administrative Permissions" on page 51
"Configuring Publish To Settings" on page 52
Configuring Administrative Permissions
1 Click Tools > Permissions.
The groups associated with this domain are displayed.
Management Console Permissions Settings Window
Figure 7-8
NOTE: All groups are granted full permissions in the Management Console by default.
Administrators should immediately uncheck any and all policy tasks from unauthorized groups.
Access to the console can be removed by unchecking that permission.
Performing the Management Console Installation 51