Toby Posted February 27, 2012 Report post Posted February 27, 2012 Hi guys, May have missed something obvious, but im looking for a way to revoke administrative approval for software deployment - at the moment 'approved' software stays approved, and you cannot delete it from approval requests. This is mainly for demo purposes, so that i can reset a demo lab, but im sure it would have a real world use also. I'm comparing functionality here to RES Automation Manager orchestration, which does allow this functionality - but maybe this would be more a feature of opalis? this is RC 1 btw. Quote Share this post Link to post Share on other sites More sharing options...
mickblanko Posted April 13, 2012 Report post Posted April 13, 2012 I am running RC 2 and I have the same question/issue. I can’t find a way to revoke approves once they have been granted. One example (other than a fat fingered IT person clicking the wrong button and granting approval by accident) would be a finance person requesting access to a restricted finance app, this gets approved and works well until the user takes a new position somewhere else in the organization eg as a PA. Now the approval for the finance app can’t be removed and the user can pull this app down to any computer they wish. Not ideal. Anyone worked out a solution to this? Quote Share this post Link to post Share on other sites More sharing options...
DavidRandall Posted April 20, 2012 Report post Posted April 20, 2012 Unfortunately, the system does not provide a native revocation feature. Once the application has been approved for the user, it is available for them to install on any system. You can modify the requirements for the application to leverage the "primary user" rule - that would allow the user to only install the application on systems for which they are a primary user. You could also leverage those rules to query for properties that would indicate they are only allowed as a finance person, but not as a PA person. Additionally, targeting for the application catalog is based on collection membership, so if the finance person moved departements, and was no longer in the collection that allowed the application installation, they won't see it in the catalog. Additionally, the system prioritizes "install" deployments over "uninstall" deployments. So, the user could be a member of two collections that both have the application targeted to the collections, one with an Install intent, and the other with an "uninstall" intent. The uninstall intent deployment would likely target devices, not users. As soon as the user is removed the from the "install" intent collection, the "uninstall" deployment takes effect and removes the application. HTH Dave Quote Share this post Link to post Share on other sites More sharing options...
fritschetom Posted October 1, 2012 Report post Posted October 1, 2012 I had the same issue...it takes away part of the problem and replaces it via a script...take a look at this http://fritschetom.blogspot.com/2012/10/deploy-applications-from-application_1.html Quote Share this post Link to post Share on other sites More sharing options...
