Hi,
This has got to be something stupid that I'm doing, because I can't see anyone else with the same issue out there!
Environment:
SCOM 2012 SP1 UR2
Server 1: Management server
Server 2: Management server 2, ACS collector
Server 3: Network monitoring management server
Server 4: Operations Database
Server 5: Data Warehouse, Reporting Services, Web Console Server
Server 6: ACS database, ACS Reporting Services.
Everything was installed (I think!) using a combination of Kevin Holman's quick start guide and TechNet guides. All servers are running Windows Server 2012.
I want to set up user roles for each business area to have "advanced operator" rights over their own servers. For my first attempt, I am looking at a group of three agent-managed Windows servers.
I have created a group and added these 3 servers, then created the role and scoped it to only this group. Added test user A to the role.
If I log in as the test user A to the Ops Manager Console, the view is as I'd expect and I only see information about the 3 servers in the group.
If I log in as test user A to the Web Console, I get full access to all 19 servers currently set up for monitoring. This includes all domain controllers, all ACS info etc.
Obviously a bit of a security hole somewhere in my web setup, but I have no idea where to start looking: anyone got any ideas?
Thanks!