Symantec Privileged Access Management

  • Private Community

  • 1.  Delegated Admin not able to assign Service in a Policy

    Posted Jun 11, 2018 05:50 AM

    Hello

     

    We have several "delegated admin" that independently manage a group of users and a group of devices.

    With version 2.8.3 (and 2.8.2) , each admin could assign Services (like web portal) on the policies they configure.

    But with version 3.1.1, they don't even see the Services defined.

    This is something that have changed with this version ? I have to create a custom role permitting their access to the Services so they can use it in their policies ?

    Does any one had this issue ?

     

    Thanks in advance

    Best regards

    NM



  • 2.  Re: Delegated Admin not able to assign Service in a Policy

    Broadcom Employee
    Posted Jun 11, 2018 04:07 PM

    Hi Nuno, I tested and got the same results as you. I suspect that a hole was fixed where a role could access services without having the proper privilege, and that exposes a missing privilege in the Delegated Administrator role. If you create a custom role that has the same privileges as the Delegated Administrator role plus the "Read Services" privilege, it will work. If you want to allow full management of services, you would also add the Manage and Delete privilege for services. To me it looks like the real problem is that the role is missing those privileges, at least the Read privilege should be included. Can you open a support case if not done yet, so that we can follow up on this? Please refer to this thread.