The Policy Rights dialog box lets you control the operations that the selected administrator can perform on policies.
Specify the Policy folders (contexts) that you want the administrator’s Policy rights to apply to. To select a folder, click Add to display the Contexts dialog box, browse for and select the folder (or multiple folders), then click OK. The rights also apply to the folder’s subfolders.
The Privileges section lets you grant the selected administrator rights to work with policies, including policy groups and folders listed in the Contexts section.
The following rights are available:
|
RIGHT |
OPERATIONS CONTROLLED BY THE RIGHT |
NOTES |
|---|---|---|
|
View Leaf |
|
Setting the View Leaf right to Deny forces all other Policy rights to Deny. The View Leaf right must be set to Allow to perform any other policy operations. Also, if you want to provide an administrator the rights to only view the policies, then besides the View Leaf rights, enable either the Manage Configuration Policies right or the Manage Security Policies right, based on the policy type. |
|
Modify Groups |
|
|
|
Create/Delete Groups |
|
Setting the Create/Delete Groups right to Allow forces the Modify Groups right to Allow. This means that an administrator who creates a group also receives rights to modify it. |
|
Modify Group Membership |
|
In addition to this right, an administrator must also have the Manage Configuration Policies right or the Management Security policies right. For example, to add a Configuration policy to a group, an administrator must have the following two rights:
|
|
Modify Folders |
|
|
|
Create/Delete Folders |
|
Setting the Create/Delete Folders right to Allow forces the Modify Folders right to Allow. This means that an administrator who creates a folder also receives rights to modify it. |
|
Author |
|
In addition to this right, an administrator must also have the Manage Configuration Policies right or the Management Security policies. For example, to create a Configuration policy, an administrator must have the following two rights:
|
|
Publish |
|
Setting the Publish right to Allow forces the Author right to Allow. This means that an administrator who has rights to publish policies also has rights to author policies. In addition to this right, an administrator must also have the Manage Configuration Policies right or the Management Security policies. For example, to publish a Security policy, an administrator must have the following two rights:
|
|
Assign Policies |
|
In addition to this right, an administrator must also have the Manage Configuration Policies right or the Management Security policies right and the Device Rights - Assign Policies right or User Rights - Assign Policies right. For example, to assign a Security policy to a device, an administrator must have the following two rights:
|
|
Modify Settings |
|
|
|
Manage Configuration Policies |
|
This right enables the Author, Publish, Modify Group Membership, and Assign Policies rights to apply to Windows and Linux Configuration policies. Configuration policies are provided by ZENworks Configuration Management and include the Windows Configuration policies (Browser Bookmarks policy, Dynamic Local User policy, Local File Rights policy, Printer policy, Remote Management policy, Roaming Profile policy, SNMP policy, Windows Group policy, and ZENworks Explorer Configuration policy), Linux Configuration policies (External Services policy and Puppet policy) and all Mobile policies (Mobile Compliance Policy, Mobile Device Control policy, Mobile Enrollment policy and so on). |
|
Manage Security Policies |
|
This right enables the Author, Publish, Modify Group Membership, and Assign Policies rights to apply to Windows Security policies. |
|
View Audit Log |
|
This right does not allow the administrator to view event details. To view event details, the administrator must have the View Audit Event right. |
|
View Audit Events |
|
Setting the View Audit Events right to Allow forces the View Audit Log right to Allow. |