Using Symantec System Center roles in Symantec AntiVirus 10.x and Symantec Client Security 3.x

Symantec.com > Enterprise > Support > Knowledge Base

Using Symantec System Center roles in Symantec AntiVirus 10.x and Symantec Client Security 3.x

Question/Issue:
This document describes how to use the new Symantec System Center roles feature in Symantec AntiVirus Corporate Edition 10.x and Symantec Client Security 3.x.

Solution:
Symantec AntiVirus provides several preexisting roles with varying levels of privileges for user accounts. You can assign a user to one of these roles when creating user accounts for server groups in Symantec System Center.

The following table describes the roles and their associated privileges:

Role name
Description

Read-only This role allows the user to lock and unlock the server group and to view information about the server group. Users have no write access to the server group, and so cannot make any configuration changes to the server group, or to any of its servers and clients.

Administrator This role allows the user full access to the server group. The user may lock and unlock the server group and configure both servers and clients in the server group.

Central Quarantine This role allows the user to do the following:

read/write virus definitions files
roll out virus definitions updates to a client or server in the server group
ping machines in the server group
Users assigned to this role are not allowed to lock and unlock the server group using Symantec System Center.

Gateway Security This role allows the user to ping machines in the server group. Users assigned to this role are not allowed to lock and unlock the server group using Symantec System Center.

If Symantec System Center cannot verify the user's role, the user account defaults to the least privileged of the roles, Gateway Security. Symantec AntiVirus also provides one preexisting user named admin, who is assigned to the Administrator role. You cannot delete the admin user account or change its username, but you can change its password.

The following restrictions apply to user accounts:

Passwords that you set must be at least six characters long.
Account user names must be unique and are not case sensitive.
Passwords are case sensitive.
User names cannot contain spaces.
User names cannot contain the following special characters: " / ; \ - . + ' : =

Creating, changing, and deleting user accounts
You can assign multiple user accounts with administrative privileges to a server group. You can only manage the accounts for one server group at a time.

To create a user account for a server group

Start Symantec System Center.
Right-click the appropriate server group.
Click Account Management.
In the Configure Server Group Accounts dialog box, click Add.
In the Account Setup dialog box, do the following:
- Type the user name.
- In the New password box, type the password.
- In Confirm password box, type the password again.
- Under Account Type, check the role that you want to assign to the user: Read-only, Administrator, Central Quarantine, or Gateway Security.
Click OK.
Click Finished.
The changes are then sent to the secondary management servers in the server group.

To change a user account for a server group

Start Symantec System Center.
Right-click the appropriate server group.
Click Account Management.
In the Configure Server Group Accounts dialog box, click a user account name.
Click Update.
In the Account Setup dialog box, do the following:
- In the New password box, type the password.
- In Confirm password box, type the password again.
Under Account Type, if you want to change the user's role, click the new role.
If you are only changing the role under Account Type, you should leave the password fields blank.
Click OK.
Click Finished.

To delete a user account for a server group

Start Symantec System Center.
Right-click the appropriate server group.
Click Account Management.
In the Configure Server Group Accounts dialog box, click a user account name.
Click Delete.
Click Yes to confirm.
Click Finished.

Document ID: 2005033114385748
Last Modified: 01/02/2007
Date Created: 03/31/2005
Operating System(s): Windows 2000, Windows XP Professional Edition, Windows Server 2003 32-bit Edition
Product(s): Symantec AntiVirus Corporate Edition 10.0, Symantec Client Firewall 8.0, Symantec Client Security 3.0, Symantec AntiVirus 10.1, Symantec Client Firewall 8.7, Symantec Client Security 3.1
Release(s): SAV 10.0 [All Releases], Symantec Client Firewall 8.x [All versions], Symantec Client Security 3.x [All versions], Symantec AntiVirus 10.1, Symantec Client Firewall 8.7, Symantec Client Security 3.1

Role name	Description
Read-only	This role allows the user to lock and unlock the server group and to view information about the server group. Users have no write access to the server group, and so cannot make any configuration changes to the server group, or to any of its servers and clients.
Administrator	This role allows the user full access to the server group. The user may lock and unlock the server group and configure both servers and clients in the server group.
Central Quarantine	This role allows the user to do the following: read/write virus definitions files roll out virus definitions updates to a client or server in the server group ping machines in the server group Users assigned to this role are not allowed to lock and unlock the server group using Symantec System Center.
Gateway Security	This role allows the user to ping machines in the server group. Users assigned to this role are not allowed to lock and unlock the server group using Symantec System Center.