Scopes

The Scopes page defines visibility of certain types of user-defined data objects throughout the VSA. For example, a user could see some machine groups, but not be able to see other machine groups. Once a scope has made a data object visible to a user, the functions the user can perform on that data object are determined by user role. Scopes enables VSA users responsible for user security to create different scopes of data objects and assign them to different populations of users.

Note: A user logs on with both an assigned role (the functions they can perform) and an assigned scope (the data they can see). Membership in a role and membership in a scope are independent of each other.

Users can also be assigned to scopes using the System > Users > Scopes tab.

Scope Data Objects

There are five types of data objects that can be assigned to scopes. Each are defined outside of scopes before being assigned to scopes.

Organizations - An organization is typically a customer but not necessarily only customers. An organization record contains certain general information, such as its name and address, number of employees and website. An organization also defines a hierarchy of additional information, as illustrated below, representing all the machine groups and personnel within that organization. Organizations are defined using System > Orgs/Groups/Depts/Staff > Manage.
Machine Groups - Machine groups are groups of managed machines within an organization. Machine Groups are defined using System > Orgs/Groups/Depts/Staff > Manage > Machine Groups.
Machines - A managed machine is a computer with an agent installed on it. Each machine has to belong to a machine group. Machines are typically created using the Agents > Manage Packages page.
Departments - A department is a group of staff members within an organization. A staff member is not necessarily the same as a machine user. Departments and staff members are defined using System > Orgs/Groups/Depts/Staff > Manage > Departments.
Service Desk - A service desk processes tickets using the Service Desk module. Service desks are defined using Service Desk > Desk Configuration > Desk Definition.

Scope Assignment

The parent-child relationships between data structures affect how scopes are maintained.

Implicit Assignment

Assigning any parent record to a scope implicitly assigns all child records to that same scope. For example, assigning an organization to a scope includes the following in that same scope:

Child organizations.
Machine groups of the organization and any child organizations.
Machines of the machine groups in that organization and any child organizations.
Departments in the organization and any child organizations.

Explicit Assignment

The only way to include a top level organization in a scope is to manually add it to that scope, because no parent record exists to include it. This is called explicit assignment. You can also explicitly assign a lower level object in scope, but only if the lower level object is not already assigned implicitly to the scope through its parent. For example, you could include a machine group explicitly, without adding the machine group's parent organization. You can also explicitly include individual machines and departments in a scope without including their parent records.

All in Scope

The Scopes function provides an All in Scope button, when appropriate. The button displays a window that lists all records in a particular Scope tab, regardless of whether records are assigned implicitly or explicitly.

Master Scope

See System > Users for a discussion of the Master scope.

Middle Panel

You can perform the following actions in the middle pane of Roles:

New - Create a new scope.
Rename - Rename the scope.
Delete - Delete the selected scope. All VSA users must be removed from a scope before you can delete it.

Scope Details

Each tab provides the following actions:

Assign - Assigns access for a data structure to a scope.
Remove - Removes access for a data structure from a scope.
All in Scope - Displays only on the Organizations, Machine Groups, Machines and Departments tabs. Clicking the All in Scope button on a tab displays a new window listing all data structures of that tab type in the scope, whether defined explicitly or implicitly.