Hey all - working with a 2007 R2 system - though the problem exist in the new 2012 environment as well.
We are trying to fine tune roles so different groups only see what they need within the Console yet have enough Authoring rights to get day to day work done. No matter how fine I tweak the "Authoring Security Profile Role", the user sees way too much via the monitoring tab. The user can also create objects within other pre-created folders too. Testing - Created a group and a new MP - Same MP used thru out the testing. Added one Windows Server Role to the group - (Windows Server|Filter by Name|Server object name) Created a Test Folder and an alert view - assigned all alerts to the group above. Created Authoring Security Profile and added one user to the Profile. Restricted the View and Group scope to only the one relevant folder/alert view. User has no rights in any other Security Profile Role. This has been verified by checking any other created Profiles. When I remove the user from the profile I created, the user has zero rights to the Opsman console. Can't even log in. However when I use the Operator Profile - the user can only see what they have rights to but the user can't create anything. Is this normal behavior in Opsman? If so, it strikes me odd that the wizard walks you thru a scenario where it really looks like you can tighten things down. Thanks - Ethan - University of Missouri
