Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 972 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Separating Groups of Users who can edit Policies

BLC

We separate our IT roles between Workstation Management and Server Management, and we'd like to be able to separate those who can edit Sophos Policies between these two groups.  We'd like one group to only be able to modify Workstation Policies and another who can only modify Server Policies. 

Is there a way to do this on the same console server?  If not, can it be done with two console servers with two separate databases?

:23071


This thread was automatically locked due to age.
  • 0

    HI,

    You should be able to create 2 sub-estates, one includes the servers, one the clients.

    If you link different policies to each groups, only the users assigned to the sub-estate should be able to edit the policies linked.

    Regards,

    Jak

    :23075
  • 0

    I just ran a quick test and this does appear to work.  The interface is a bit odd when you set it up, as it appears that anyone who has Policy Edit rights has rights to edit all policies.

    ~~~~

    :23117
  • 0
    Hello BLC,

    the users should always be confined to their sub-estate. They can edit any polic which does not "cross estate boundaries". I.e. if a policy is assigned to at least one group which belongs to a sub-estate where the user has no special rights s/he shouldn't be able to edit this poliy.

    Christian
    :23119