This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Designated/restricted access to Patch Manger required

HI there

Is it possible to assigned user account to Patch Manager where they only have access to specific WSUS servers, or specific WSUS groups, or specific servers?

We have a 3rd party that looks after our SQL and SSIS servers, including patching, and I'd like to give them access to Patch Manager to allow them to approve and install patches for the specific servers they look after.

I've tried creating user groups/accounts in patch manager and only giving them access to their computer groups, but this also allows them access to all other servers and to run commands on them, like reboot etc.

I've also tried creating a separate downstream WSUS servers and assigning the servers to that WSUS server and only give them access to that WSUS, but patch manager still shows both WSUS servers and all the servers in our environment.

Lastly I've created a separate patch manager application and management server with WSUS for them, but it seems I cannot have our AD domains residing in 2 management groups, so I can only assign the WSUS server to it, but they still have access to see and run actions on all servers.

Is there a way to give them only access to these specific servers or WSUS groups in patch manager?