Creating scopes

A scope defines the devices that can be viewed and managed by a Management Suite user.

A scope can be as large or small as you want, encompassing all of the managed devices scanned into a core database, or possibly just a single device. This flexibility, combined with modularized tool access, is what makes role-based administration such a versatile management feature.

Default scopes

Management Suite's role-based administration includes one default scope: the "default all machines scope." This scope includes all managed devices in the database. You can't edit or remove the default scope.

Custom scopes

There are three types of custom scopes you can create and assign to users:

A Management Suite user can be assigned one or more scopes at a time. Additionally, a scope can be associated with multiple users.

How multiple scopes work

More than one scope can be assigned to any of the Management Suite users. When multiple scopes are assigned to a user, the user has rights to all computers in all assigned scopes. The cumulative list of computers in all assigned scopes is the user's effective scope.

A user’s effective scope can be customized by adding and removing scopes at any time. Multiple scopes and scope types can be used together.

A user’s rights and scopes can be modified at any time. If you modify a user’s rights or scopes, those changes take effect the next time that user logs into the console or when a console administrator clicks the Refresh scope toolbar button on the Console (top of window).

Creating a scope

To create a scope
  1. Click Tools > Administration > Users.
  2. Right-click Scopes and click New Scope.
  3. In the Scope Properties dialog, enter a name for the new scope.
  4. Specify the type of scope you want to create (LDMS query, LDAP or custom directory, or device group) by clicking a scope type from the drop-down list, and then clicking New.
  5. If you're creating an LDMS query-based scope, define the query in the New scope query dialog, and then click OK.
  6. If you're creating a directory-based scope, select locations (LDAP directory and/or custom directory) from the Select visible devices list, and then click OK.

Click on the plus (+) and minus (-) signs to expand and collapse nodes in the directory tree. You can multi-select locations by using Ctrl+click. All nodes under a selected parent node will be included in the scope.

LDAP directory locations are determined by a device's directory service location. Custom directory locations are determined by a device's computer location attribute in the inventory database. This attribute is defined during device agent configuration.

  1. If you're creating a device group-based scope, select a group from the available device group list, and then click OK.
  2. Click OK again to save the scope and close the dialog.

About the Scope Properties dialog box

Use this dialog box to create or edit a scope. You can access this dialog box by selecting a scope and clicking the Edit scope toolbar button or by right-clicking the scope and then clicking Properties.