2 Replies Latest reply on Apr 3, 2017 6:26 PM by synsa

    LDMS Scoping and Permission

    Motaz ITSMMVPGroup

      Hello there,

       

      I would like to have some recommendations regarding scoping and permissions. I am in an environment where we need to assign specific devices to be managed by a specific team. For example, SharePoint Servers should be managed by a user named X. SQL Servers need to be managed by a user named Y. I can configure scoping for this, but my question is that we have several SharePoint and SQL servers, like below:

       

      SharePoint Production Servers
      SharePoint UAT Servers
      SharePoint DR Servers

       

      The same goes for SQL. So what is the best way to do this classification in LDMS? I would like to have them in a tree view like below:

       

      SharePoint Servers>

           SharePoint Production Servers

           SharePoint UAT Servers

           SharePoint DR Servers

       

      This is needed for patching purposes, as each team needs to take care of its own servers without having access to or seeing other teams' servers.

       

      I thought of using groups, but I am not quite sure if it is the best method. Please advise.

        • 1. Re: LDMS Scoping and Permission
          MarXtar ITSMMVPGroup

          Scoping doesn't apply to the grouping of devices, just what can be seen. So what you need to do is identify a grouping structure that works the way you need after the scope has been applied.

           

          From a grouping perspective you have either Groups (manually configured and maintained) or queries (automatically updated).

           

          Manual Grouping will give you a tree structure that is easy to use but hard to maintain (if there are changes frequently). Queries can be placed into a tree structure but you do not see the list by clicking on the folder, you have to run the individual queries inside.

           

          Both of these have benefits and drawbacks but in most cases, queries (if you can build one that can identify these correctly) would be better.

           

          ALSO

           

          Consider the use of Teams. If you created a tree structure that is visible to all, then for those that don't have certain servers in scope they will see the tree but with empty folders. That might be OK. What you could do is create Teams for each of these groupings and build a tree structure in there. This way the Team area, and therefore the tree, is not visible to anyone not a member of that team. It has the added benefit of allowing you to group other things that those teams would also find useful, such as scripts and packages.

           

          Hope this helps inform your thoughts.

           

          Mark McGinn

          MarXtar Ltd/MarXtar Corporation

          http://ivantione.marxtar.com

          Ivanti One Development Partner

           


          • 2. Re: LDMS Scoping and Permission
            Specialist

            Also, worth a mention I think, that applying scopes to your teams / users may put a substantial amount of extra processing on your database for every transaction.  If you have an old or under-spec environment this would be something you'd want to take into consideration.
