Table of Contents
Advertisement
Security in Deployment Solution
Best practices for Deployment Solution security
Altiris Deployment Solution™ from Symantec User's Guide
Deployment Solution provides a security system based on associating job and computer
objects with user and group permissions, letting IT personnel be assigned to different
security groups to manage operations on specific computer groups or job folders. Each
security group can perform only a defined scope of deployment operations on each
computer group or job folder. Additionally, each user can be assigned rights to access
general console features. You can also choose whether to specify that scripts on run only
on the Deployment Server.
Note
Security rights and permissions set in one console are enforced in all Deployment
Consoles.
To set general security rights, click Tools > Security and add a user name
and password. You can create users and groups and set scope-based rights.
To set feature-based permissions for specific computers or jobs, select the
object in the console, right-click and select Permissions.
See
Best practices for Deployment Solution security
page 88,
Setting permissions
Deployment Solution is based on defining groups of users and groups of computers and
jobs, and associating one with another. We recommend that you first create user groups
based on administration duties or access to levels of deployment operations. For
example, You probably set up a group with full Administrator rights. This group has
access to run all operations on all computers using all types of jobs. No permissions
need to be set on each computer group or job folders for the Administrator group
because this has full rights to all features and resources.
However, you can also set up a Technician group that has only basic access and
permissions limiting deployment operations. This prohibits members of the group from
re-imaging the Server computer group or scheduling Distribute Disk Image jobs. You
can explicitly Allow or Deny the group from running these operations for each
computer group in the Computers pane or each job folder in the Jobs pane.
After creating the Technician group, you can limit their rights to set General Options and
set permissions on each computer groups and job folder for the group. See
options
on page 82. You can select the computer group, right-click it and select
Permissions. Select the group name in the left pane, and click Allow or Deny for a list
of deployment operations. Example: You can select the Deny check boxes for Restore,
Schedule Create Disk Image, and Schedule Distribute Disk Image.
Additional groups can be created with different rights and permissions depending on the
needs and responsibilities in the IT team. If users are assigned to multiple groups, the
Evaluate Permissions and Evaluate Rights features are sorted and display effective
permissions and rights.
on page 87,
on page 92,
Groups
on page 89, and
Enabling security
on
Rights
on page 90.
General
87
- Quick Links:
- General Error Messages
Hide quick links:
Advertisement
Table of Contents
