Hi list,

I'm trying to reduce our admins' work by providing more Spectrum configuration tasks to the users themselves.

One of these tasks is SANM. Policies are configured by us admins only, but users should be able to add their devices of interest so that they're processed by a specific policy. To get this done I configured policy filters filtering by global collections, as I don't want the users to be able to manage the policies but only the "content".

My idea was to configure empty GCs and restrict the access to them by access groups:

- global default access group is "globalaccess"
- user group "department1" (and all contained users) has an extra access group "dep1"
- new GC "SANM dep1" with security string "dep1" to restrict access to users with this access group
- dep1 users should be able to add "their" devices to this GC

To get the "add to -> Collections" activated for my dep1 testuser I had to grant "Manage Collections" permission to that user. So far no problem, as I restricted GC access by security strings and only granted this permission for the extra access group "dep1". That's what I thought. But I'm bothered by two things:

1. The testuser has permission to manage ANY collection - also those to which he should not have any rights, as he's missing the access group. Why does the default function securing models in OneClick not work here?
2. In explorer only "Global Collection Hierarchy" should be visible, not "Global Collections" (containing all available GCs).

Sure, the permission "Manage Global Collections" says it clearly: "create, delete, modify collections" - but is it somehow possible to restrict the access to manage static content of global collections? Perhaps I'd implement a custom permission like "add/remove static GC content" to get the menu item "add to -> Collections" working without the "Global Collections" shown in explorer (but in GC hierarchy)? How should this be done? Am I somehow able to activate this menu item if EITHER permission "Manage Global Collections" OR custom permission "add/remove static GC content" is set?

Any help or suggestion is very much appreciated!

Regards,
Marcel
