How can we improve the SDA (K2000)?

Role-based access control (RBAC)

Regulate access to various functionality based on user roles and permissions. This would include granular access to capabilities such as:

- Logon to KBE
- Access to specific production images
- Server/workstation roles
- Samba share access
- Differentiate between access to deploy images, and access to log into connected machines as an admin.

242 votes
Sign in
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
RogerL shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: Facebook Google
Signed in as (Sign out)
  • Anonymous commented  ·   ·  Flag as inappropriate

    Great Idea! Like someone else suggested, even just giving the "Read-Only Admin" the ability to capture user states would be very helpful.

  • Aamir commented  ·   ·  Flag as inappropriate

    It just be nice if there was a way to customize the roles for the techs that use the SDA. For example, we have about 19 RSA's and they all have their own techs (about 30+) using Kace. Just like the SMA, I like to customize what they can do. Give them only certain scripted installs to see/edit, create/edit post install tasks but not able to delete, not able to capture their own image, etc. ReadOnlyAdmin is there, but they'll just come back and ask for edit rights anyways. Giving them some edit rights will be better.

  • Chris Blake commented  ·   ·  Flag as inappropriate

    I could see value in giving a tech access to Boot Actions, and almost nothing else so they could load a list of MAC's.

  • David Coe commented  ·   ·  Flag as inappropriate

    setup an account that has configurable rights to the Samba share folders,
    or allow Ldap accounts have configurable access to the Samba Share

    It would be nice to give one of my team members access to the samba share without having to give them the Admin Account information.

  • Yin Etzel commented  ·   ·  Flag as inappropriate

    We what to give our Techs the right to pull down an image only. So since the above comment by Alex Au Yeung is over 11 months old, have we a version that has the integrated K1-style permissions released yet? If so, which version?

  • Michael commented  ·   ·  Flag as inappropriate

    Looking forward to this added feature. Hopefully it will show up in 3.7 Would vote more on this if I had them.

  • bruce commented  ·   ·  Flag as inappropriate

    It would be nice to be able to restrict the imaging of server hardware. That way, if someone tried to image a server, they would have to have seperate credentials to do so.

    Even further, be able to use the K1's smart labels or some other mechanism , maybe even just IP range, to restrict who has what access to imaging certain groups of machines.

  • Jon commented  ·   ·  Flag as inappropriate

    Our desktop team uses the PXE features of the k2 to logon to the KBE to image machines. The problem being that they then have access to all of the images stored on the k2. I would be nice to have the ability to define roles on the k2 and assign them certain functionality and access to certain production images.

  • Karl Ng commented  ·   ·  Flag as inappropriate

    I would like the ability to create roles in the k2000 and also in the rsa. I would like my techs to be able to vnc into a scripted install and kick off there installs without having to physical be in front of the machine. The techs may have 50 machines to image and it would be benefical for them to remotely manage them. I do not want to give them access to the k2000 because they would have the ability to change the scripted installs or alter, delete or change the operating systems, boot files, etc.

  • KFortney commented  ·   ·  Flag as inappropriate

    This would really help make things more granular in our organization. I am hesitant to assign work for parts of the server when other parts will be vulnerable to people who do not need access to server settings and the like.

  • Nicolas commented  ·   ·  Flag as inappropriate

    In our environment, the IT team and the R&D team have to deploy OSes. But they not have to deploy the same environments.

  • Philip Langlois commented  ·   ·  Flag as inappropriate

    This would be awesome. Could be based on an AD OU or locally named users. To be able to restrict some image deployment to specific user would be great (i.e.: Server image not available to a specific project user).

  • philologist commented  ·   ·  Flag as inappropriate

    Currently giving helpdesk staff the password to deploy an image gives them access to deploy every image, and to log into machines remotely with administrator priviledges. It would be nice to at least differentiate between personnel with access to deploy images, and personnel with access to log into connected machines as an admin. This is espeically important with RSAs, where remote offices may have an "advanced user" rather than actual helpdesk personnel. The significant problem with allowing people to deploy images is that it also currently grants those people full access to remotely administrate any workstation or server they can reach.

← Previous 1

Feedback and Knowledge Base