0

Is there a way to grant ownership of an ePO policy to a group?

Alternatively, is there a permission that can be set that would allow owners of an ePO policy to add other owners to that policy without making them ePO admin?

In the case I'm looking at, ePO is deployed within a large heterogeneous organization with a large amount of delegation in the form of create/modify policy rights to allow multiple IT departments to customize to their needs for their sections of the system tree. The problem is that the policies are owned by the creator of the policy. This causes problems when they leave (staff turnover) or when other people on their teams need the ability to modify the existing policy. Unfortunately, as far as I can see, only someone who is an ePO admin can change the owners. Even the owner of the policy cannot add other owners (unless they are also an ePO admin).

Ideally, I should be able to assign ownership of a policy to a group - since that would be easier to manage than me or another admin having to continually fix policy ownership or remove orphaned polices. Even just allowing the owners of the polices to add other owners would be sufficient.

How are other people handling policy ownership when dealing with a large amount of delegated control of polices? Is there a way to delegate this out without making users full ePO admins?

bkr
  • 835
  • 1
  • 8
  • 20

1 Answers1

0

I have come to the conclusion this is just not possible with the current version of ePO (5.1).

see unresolved threads:

The following query can be used to find policies owned by a specified user:

DECLARE @origUserName varchar(max)
SET @origUserName = 'dom\username'

SELECT
          polTypes.FeatureTextID,
          polTypes.CategoryTextID,
          polObj.Name as PolicyName,
          ornUsers.Name as Owner
FROM
          EPOPolicyObjects polObj
          INNER JOIN EPOPolicyObjectUserRoles polRoles ON polObj.PolicyObjectID = polRoles.PolicyObjectID
          INNER JOIN EPOPolicyTypes polTypes ON polTypes.TypeID = polObj.TypeID
          LEFT OUTER JOIN OrionUsers  ornUsers ON ornUsers.Id = polRoles.UserID
WHERE
          @origUserName IS NULL OR @origUserName = ornUsers.Name
ORDER BY
          polTypes.FeatureTextID ASC,
          polTypes.CategoryTextID ASC,
          polObj.Name ASC,
          ornUsers.Name ASC
bkr
  • 835
  • 1
  • 8
  • 20