When setting up permissions in System Frontier to allow delegated administrators to manage scheduled tasks, permission filters allow a greater degree of control. Various permissions will allow a user to run a scheduled task, stop it, modify it or even delete it.
The filter mechanism uses wildcards to apply a given permission based on the name of the task. This also can, and should in some cases, mean the full path to the task based on where it’s located in the Windows task scheduler folder hierarchy.
Examples
You need to give the App1 support team the ability to run a scheduled task named “App1 Monthly Job” that lives in the root folder of the task scheduler. They only need to run this specific task. Choose a role that contains the App1 support team members, then add and configure the following permission to do this:
Permission: StartScheduledTask
Filter: \App1 Monthly Job
Scope: (Choose one or more Containers that contain the servers where the scheduled task lives)
Notice the filter starts with a backslash (\). The backslash represents the root folder where the task lives and because there are no wildcards (*) used, this StartScheduledTask permission applies only to tasks whose name matches exactly “App1 Monthly Job” in the root folder.
Let’s say the task lived in the App1 subfolder, directly under the root. To only have the permission apply to that specific task, the filter would change to the following:
Filter: \App1\App1 Monthly Job
If there were multiple copies of the task in different subfolders (maybe they are different on different machines for some reason) you could grant access to that specific task anywhere it lives by using wildcards, like so:
Filter: *\App1 Monthly Job
Imagine the App1 team has all kinds of tasks, in various folders, but they use a strict naming convention where all tasks begin with the word “App1”. You could easily use the following filter to apply the permission to any task, in any folder that begins with the word “App1”:
Filter: *\App1*
As you can see, using the scheduled tasks folder path and optionally, wildcards, you can grant permissions as you see fit without risk of giving the user access to tasks they should not be viewing or managing.
