    Role Based Access Control


      Hi Everyone,


      I am using LDMS 2016.SP3, testing and experimenting with RBAC. Is it possible "not to allow a LANDesk administrator to view a particular scope and all the devices (servers / desktops) that belong to this scope"?


      Example: There are two persons managing LANDesk, let's say Admin1 and Admin2, and the below-mentioned scopes are created:

      Internal Scope

      Client1 Scope

      Client2 Scope

      Client3 Scope


      This is what I would like to achieve:

      Admin1 should only access 'Internal Scope' and all the devices part of this scope and can perform everything in LANDesk (including approving CSA certificates)

      Admin2 should be able to access 'Client1 Scope', 'Client2 Scope', 'Client3 Scope' and all the devices part of these scopes and can perform everything in LANDesk (including approving CSA certificates)


      If the above mentioned is not possible to achieve, in that case my question is 'How about the Tenant Management feature?' Can it help?


      Kindly assist me with your thoughts.


      Thank you,


        • 1. Re: Role Based Access Control
          michael.odriscoll SupportEmployee

          Hi Neeraj,


          Thanks for posting your question to the Community.


          • 2. Re: Role Based Access Control
            phoffmann SupportEmployee

            Ultimately "no" is the short answer here.


            Sure, you can assign "scope 1 and scope 2" to an admin, but *being* a LANDesk admin, there's nothing to stop that guy from editing himself (as a user) and giving himself "All Devices".


            It kind of goes with the territory of "being an admin".

            • 3. Re: Role Based Access Control

              Thanks phoffmann,

              We are using LANDesk in an MSP setup, and would like to separate client devices and our internal devices.

              Due to audit and compliance reasons we have to separate client and our internal devices in LANDesk in such a way that whoever is managing internal devices through LANDesk should not access client devices.

              And likewise, whoever is managing client devices should not access our internal devices. So the idea is to have two authorities: one can fully control the client environment and the other can fully control the internal environment.

              Is it possible to achieve / is there any workaround that you can suggest? Can Tenant Management help in our described scenario?


              Thank you,

              Neeraj Kumar