Adhoc Collection creation, permissions, and locations. RRS feed

  • Question

  • When an admin uses the Distribute > Software option in a collection to deploy to a specific PC the admin has to create a new collection.  The new collection is always created in the ROOT because of class permissions needed to "create".  Is there a way to configure users to create adhoc collections inside another specified collection?

    I'm worried about collections that are created by users.  If they don't have permissions to see it at least they won't know it exists and be blocked from creating a new one.  I was hoping if all collections were forced to be created under some type of dynamic variable like %username% then there can be a nice separation and maybe no blocking of collection creation.

    Thanks in advance.

    Tuesday, July 20, 2010 2:08 PM


  • There are ways... but it'll mean a change to how your console users interact and use the console.

    You can remove Collection Class permissions, and then grant them instance permissions to specific collections.  The tricky part is training them to be very conscious of security.  I'll bet right now they don't even glance at the Security pane when they create a new collection.

    Since security rights can be tricky to set up, if I were you, what I would approach this in two different ways:

    1) Use something like Ron Crumbakers' Web Remote Console 3.21, and setup "common" advertisements, so that people do not have to, ever, deploy software to just 1 computer.  They add the computer to an already existing advertisement.

    2) Train them differently.  Have them make the collection first, and *then* deploy software to that collection.

    Standardize. Simplify. Automate.
    Tuesday, July 20, 2010 2:52 PM