Creating a Management Server role to allow access to only 'Install Deployment Agent', 'Request Diagnostics' and 'Poll Now'

Version 2

    Verified Product Versions

    Management Center 10.0Management Center 10.1



    You may have a requirement to give administrative users limited access to the Management Console, providing the ability to only perform the following actions:


    Install Deployment Agent

    Poll Now

    Request Diagnostics




    Within version 10 onwards there is a new privilege available called 'Deployment Administrator' which allows a user to perform these actions, and you can implement this using the steps below.


    Firstly, ensure that the target user or user group has logon access to the Management Console, by right-clicking on "Server Permissions > Users/Groups" and selecting "Add User..." or "Add Group...":

    Once you have selected the user/group from Active Directory and clicked 'OK' they will be given basic permissions to log into the console but will have no access to view or modify anything.


    From here, you can choose whether to apply the additional permissions for either all Deployment Groups, or only specific ones.


    Option 1 - Deployment Administrator for all Deployment Groups


    1. First, you will need to go to the 'Security' section of the Management Console, right-click on "Security Roles > Server" and select "New Server Role":

    2. Once you have named your new server role, check the 'Deployment Administrator' permission:

    3. Also check the 'Deployment Group Viewer' permission:

    4. Now that the new server role is created, go back to the "Server Permissions > Users" or "Server Permissions > Groups" location, right-click the user/group you have added and select 'Security':

    5. You should now be able to allow the newly created server role for this user:


    Option 2 - Deployment Administrator for specific Deployment Groups


    1. First, follow the steps for Option 1 above, although at step 3, leave the 'Deployment Group Viewer' permission unchecked.


    2. At this point your user/group has the newly created server role assigned, although you will need to add 'View' permissions for a specific Deployment Group by right-clicking on it and selecting 'Security':

    3. Select the user/group here from the dialog, and assign the 'Viewer' role, so that when your user logs in they will be able to see this Deployment Group:

    4. You can repeat steps 2 and 3 to give your users access to any other Deployment Groups as necessary.