(imported topic written by PKLumos)
Hello, we’re running TEM 8.2 and would like to enable our front line techs some limited console access. I realize the most efficient way to go about this is to create a new role, but a simple “non-master” operator is still too powerful. I’d like them to have access to the computer list, and to be able to run tasks created by the master operators like myself. What’s the best way to go about this?
(imported comment written by cstoneba)
so you want them to see computers, but only Master-Operator created content? If so, you could put that content into a custom site, then only give them access to that site.
(imported comment written by PKLumos)
Hmm…I see how to add a site, and to only allow access to that site by creating a role with explicit permissions for ONLY that site…but where I’m hung up is the default permissions for the BES Support Master Site that allows those folks access to pretty much everything.
I want to have a role or site created that essentially gives them a console-lite view. They don’t need to see the wizards, most of the dashboards, or a good 80% of the hierarchical menus on the left. They simply need to see the computer list and any software pushes I have written for them to be able to apply in the field. That’s ALL.
As it stands, it looks like I’m having to give them much more than that. Perhaps I’m not seeing how to ONLY add certain things to my new site. Is there a writeup on this anywhere I could read through?
(imported comment written by SystemAdmin)
I think what you are trying to do is to really limit what these specific users have access to. In order to accomplish this the best way that I have found is to create a Custom Site (for this example I will call it “Service Desk” since this is a common example). When you create a new task it defaults to the Master Action Site, what you would want to do is create a custom copy of any job that you create. When that new Create Task window opens in the right hand corner you will see Create in site: with a drop down, if you select “Service Desk” then only users that have access to the custom site “Service Desk” will see those jobs. Its a slight overhead for the people that create the jobs but you basically would have two jobs out there, one in the Master Action Site and one in the “Service Desk” site.
When you are creating the Role for the “Service Desk” you will have to subscribe the users to the “Service Desk” site and the BES Support site for the accounts to properly work (unless they fixed that with recent upgrades). I ended up having to hide 95% of the BES Support jobs so that standard users/“Service Desk” staff do not deploy client settings to machines.
Now when a user with the “Service Desk” role logs in they will only see stuff that is in the “Service Desk” site (and maybe the BES Support stuff that is not hidden).
Hope that helps