Symantec ALTIRIS CMDB SOLUTION 7.0 - V1.0 Manual page 46

46 Using organizational resource types and resources
About organizational groups and views
The Symantec Management Console has a default Default organizational view
that contains all known resources. As new resources are discovered in scheduled
updates and added to the CMDB, they are automatically placed in the Default
organizational view. The Default view organizes resources by type, with each type
of resource (computer, user, package, etc.) being placed in the corresponding
organizational group. You can manually copy the newly-discovered resources
into the appropriate organizational views.
CMDB solution automatically assigns resources into organizational groups. There
may be a delay between the resource being discovered and it being displayed in
the appropriate organizational group. Each newly discovered resource is placed
in the top level organizational group. The resource remains there until it is moved
into the appropriate organizational group. It is moved when the organizational
view refresh schedule runs.
You can remove resources from any organizational view except the Default view.
When a resource is deleted from the CMDB, it is automatically removed from all
organizational views using the delta update schedule.
You set up security by assigning the appropriate permissions for each security
role on each organizational view, and on the organizational groups within each
view. A permission that is assigned to an organizational group applies to all
resources in that group. By default the permission applies to all of the child groups.
You cannot assign permissions directly to a particular resource.
Permission grants on a resource are accumulated across organizational views. A
security role's permissions are the union of the permissions that the resource has
assigned through the organizational groups of the resource. If a security role has
permission to perform an action on a resource in one organizational view, the
role can perform that action. It can perform the action regardless of whether the
permission is applied to other organizational views that contain the same resource.
If a security role has read access in one organizational view and write access
another, then it has both.
Implementing resource security in this way gives each security role its own unique
view of the available resources. The security role determines which resources its
members can access, and what actions they can perform on those resources.
Filters, targets, and report results are dynamic and automatically scoped according
to the role of the user who owns them. Therefore, filters, targets, and report results
always contain only the resources to which that user has the necessary access
permissions.