Contact Us Get Free Products
Search icon Contact Us Get Free Products
SCCM/MECM

SCCM 2012 Role-Based Administration Viewer

Benoit LecoursDecember 10 20132 Min Read

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 8 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.

Benoit Lecours

President
Table of Content
SCD Collaborators

SCCM 2012 R2 comes with 15 built-in roles. For most of you, this is plenty to fulfill your needs. However if you have custom needs, it’s possible to create your own.

When creating your first role, you may be lost in all those security rights.

Instead of doing your role directly in the console, I suggest to use the Role-based Administration Modelling and Auditing Tool which is available in the SCCM 2012 toolkit.

This tool helps administrators to model and audit RBA configurations. It’s graphical, you can compare your custom based role with the built-in ones. You can see right away the impact visually in the console.

Here’s an example. Let’s say I have someone in the company that need read access on the Application and packages only. Sure you can use the Read-Only Analyst role but this would let the user “see” much more than you want.

Let’s open the tool :

At first, the tool start with the “Full Administrator role

RBAC (1)

Let’s select “Security Role” and choose Read only assist. The tools apply Read only to all nodes.

RBAC (3)

For our example, Let’s uncheck all but Applications and Packages and only check Read.

RBAC (2)

Click on Analyse. You’ll automatically sees what the user will see on the right pane. The user will see only Application and Package which is what we want.

RBAC (4)

You can also compare your role with the build-in ones by selecting the Similarity tab

RBAC (5)

Once you’re satisfied with your role you can click Export. A .xml files will be created, you can now use this .xml in the SCCM console.

Right click Security Roles and select Import Security role. Assign your user to your new role and you’re done !

Download the toolkit

Microsft has also release a Matrix of Role-Based Administration Permissions for ConfigMgr 2012 which can be useful for understanding build-in roles.

 

SCCM 2012 Role-Based Administration Viewer

RBAC SCCM 2012
SCD Collaborators
Comments (1)

Matthew

07.18.2018 AT 11:43 AM
What permissions are needed to be able to view software library > Windows 10 servicing? the console seems to crash for my test users.
Hide replies 0
Related posts
Marc-Andre ChartrandApril 18 20244 Min Read
SCCM Office 365 dashboard Unmanaged clients

If you’ve always been managing your Office 365 (Now Microsoft 365 Apps) clients with SCCM,...

Office 365 SCCM/MECM
Benoit LecoursMarch 14 20242 Min Read
SCCM CMPivot Query Examples

SCCM CMPivot has been introduced in SCCM 1806 and it’s making its way to being a pretty...

SCCM/MECM
Jonathan LefebvreJanuary 31 20242 Min Read
How to install PatchMyPC Advanced Insight

The guys at PatchMyPc recently released a new product : Advanced Insight. Advanced Insight is a...

SCCM/MECM
Request a Quote

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours. We are open from Monday to Friday.

Consulting Services

Subscription

PatchMyPC

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form.
Request Sent

Thank you for your request. You will receive an email with more details. Take note that we normally work from Monday to Friday. We will get in touch with you as soon as possible.

Comment Sent

Thank for your reply!

Error

Something went wrong!