1. Allow Administrator Rights
- Question - Does this effectively override all permissions below this option because you are now the highest level admin within SAM? For example, I can grant Administrator Rights to Fred, and now Fred can go in and elevate all of his permissions that were not previously granted by default - eg: Allow Node Management Rights, Enable Virtual Machine Power Management. If this is the case, then perhaps all of the permissions below should be enabled and grey'd out. If I assign Admin rights at the top, then I shouldn't have to configure every sub feature...
Orion Admin's have the ability to Add/Delete/Modify user accounts. That's essentially the primary permission here. You can of course create an Orion "Admin" account's not allowed to say, customize views or unmanage objects. That user could however edit their own user account and grant themselves those permissions.
2. SAM User Role
- Bug - When I set this to Admin the Allow IIS Action Rights value goes blank.
- Question - Can you provide an example of how this might be used and what the effect is?
The "SAM" Admin role allows users to create new application templates, edit existing application templates, assign/remove templates to nodes etc. This role is commonly given to the systems administrators who do not have account/node creation/modification rights. They are simply allowed to configure the monitoring of their applications.
3. Allow Account to Clear Events, Acknowledge Alerts and Syslogs
- Question - Is this the SAM event log? Or is this the Windows Event Log?
This is related to Events, Alerts and Syslog messages in Orion. This is unrelated to the Windows Event Log, unless you have alerts related to the Windows Event Log. This permission is for clearing or clearing events [Home -> Events], acknowledging alerts [Home -> Alerts] or clearing Syslog Messages [Home -> Syslog]