Management and Security

Creating scopes

A scope defines the devices that can be viewed and managed by a Endpoint Manager and Security user.

A scope can be as large or small as you want, encompassing all of the managed devices scanned into a core database, or possibly just a single device. This flexibility, combined with modularized tool access, is what makes role-based administration such a versatile management feature.

Default scopes

Endpoint Manager and Security role-based administration includes one default scope: "All machines." This scope includes all managed devices in the database. You can't edit or remove the default scope.

Custom scopes

There are three types of custom scopes you can create and assign to users:

  • LDMS query: Controls access to only those devices that match a custom query search. You can select an existing query or create new queries from the Scope properties dialog box to define a scope. Note that you can also copy queries from the Queries groups in the network view directly into the Scopes group. For more information on creating queries, see Database queries.
  • LDAP: Controls access to only those devices gathered by the inventory scanner that are located in an LDAP-compliant directory structure. Select directory locations from the Select visible devices dialog box to define a scope. This directory-based scope type also supports custom directory locations (if you've entered custom directory paths as part of an agent configuration). Available custom directory paths appear in the Select visible devices dialog box. Use custom directories to define a scope if you don't have an LDAP-compliant structure, or if you want to be able to restrict access to devices by a specific organizational detail such as geographic location or department.
  • Device group: Controls access to only those devices that belong to a specific device group in the network view.

A Endpoint Manager user can be assigned one or more scopes at a time. Additionally, a scope can be associated with multiple users.

How multiple scopes work

More than one scope can be assigned to any of the Endpoint Manager users. When multiple scopes are assigned to a user, the user has rights to all computers in all assigned scopes. The cumulative list of computers in all assigned scopes is the user's effective scope.

A user’s effective scope can be customized by adding and removing scopes at any time. Multiple scopes and scope types can be used together.

A user’s rights and scopes can be modified at any time. If you modify a user’s rights or scopes, those changes take effect the next time that user logs into the console or when a console administrator clicks the Refresh scope toolbar button on the Console (top of window).

Was this article useful?    

The topic was:



Not what I expected