Hi!, As I understand it, you have:
1. Created a group with one object as member 2. You have created a new Author Role with no scope on targets, but scoped to the group created in 1. 3. Added a user to that role. 4. The user, when logged in, can do anything in the Monitoring pane. Yes, it seems that you can create folders and views in unsealed MPs, but you can only see and operate on objects you have permission for(objects in your group) /Henrik Fra: [email protected] [mailto:[email protected]] På vegne af Froese, Ethan Sendt: 25. februar 2015 16:15 Til: [email protected] Emne: [msmom] restricting the Monitoring View Hey all - working with a 2007 R2 system - though the problem exist in the new 2012 environment as well. We are trying to fine tune roles so different groups only see what they need within the Console yet have enough Authoring rights to get day to day work done. No matter how fine I tweak the "Authoring Security Profile Role", the user sees way too much via the monitoring tab. The user can also create objects within other pre-created folders too. Testing - Created a group and a new MP - Same MP used thru out the testing. Added one Windows Server Role to the group - (Windows Server|Filter by Name|Server object name) Created a Test Folder and an alert view - assigned all alerts to the group above. Created Authoring Security Profile and added one user to the Profile. Restricted the View and Group scope to only the one relevant folder/alert view. User has no rights in any other Security Profile Role. This has been verified by checking any other created Profiles. When I remove the user from the profile I created, the user has zero rights to the Opsman console. Can't even log in. However when I use the Operator Profile - the user can only see what they have rights to but the user can't create anything. Is this normal behavior in Opsman? If so, it strikes me odd that the wizard walks you thru a scenario where it really looks like you can tighten things down. Thanks - Ethan - University of Missouri
