This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Delegation of WSUS approval

Hi All,

I'm hoping this is just something simple I'm missing,  I've got a WSUS 2012 R2 server and a SolarWinds Patch Manger 2.0 server which is connected to the WSUS server,  I can approve updates which works fine.

My problem is I want to be able to give granular access to AD security groups for example,  I want the helpdesk to login to the SW PM console and only see their WSUS computer group that they are responsible for.

I've been trying to figure out the permissions however when I login I seem to be able to access more than I want,  I can't seem to give access soley to approve updates on a particular WSUS computer group.

Can this be acheived?

Thanks

Ross

  • Hi rosscrawford​,

    sorry for the delay. Simply select the computer group and then in the action pane you can select "approval delegation".  This will allow you to add in AD groups to approve the updates

    pastedImage_0.png

  • Thanks Michael,   I had found that area and added my AD user to it.  This may be a silly question,  do you need to use a managed computer group and map it to the WSUS computer group for this to work?   As I cannot see any other way,  and even when I do this I can see how to install updates but not approve them without giving full access to all WSUS groups.

  • You need to use a target group to use the AD delegation like that.

    The security section under patch manager system configuration would allow you to set what users can do but the closest to what you want would allow approval for all target groups.  Approval as far as I know cannot be set to only allow a user to approve for one group.  They can choose not to approve for other groups but if they can approve for one they can approve for all