|
When I create a Security Partition
in my Configuration Group, I have a second Service Account to manage a group of
Agents. Is it now possible to delegate administrative rights to MOM users that
they will only get information from these agents?
Furthermore is it possible to give some of them rights that they will only be
able to manage this security partition, and not the other agents, which are
managed with the other Service Account?
Contributed
By: Nissim Ben-Maor [MVP MOM]
and Mike Betts [MVP MOM]
You can't quite do this.
If you create a security partition then the account used to install/
uninstall and scan agents is bound to that DCAM. This will mean that only
that DCAM can "change" the configuration of those agents, so this is a win.
However, because it is still a single configuration group you will be
reporting to the same database therefore it will not be possible to have
only certain users seeing only certain agents apart from creating different
views for the different users and this can be overridden by the user.
In order to achieve your goal you will need to use a second Configuration
group or use the MOM SDK 2 if you only want to control the alerts, views
etc. (you still can't partition the security within MOM i.e. to manage only
Exchange servers Processing Rules etc.)
|
