In many SCCM environments, we see administrators that want to give access to the SCCM reporting node only. Unfortunately, there’s no SCCM Report Viewer role when you browse to the Security role of the console. So … What if you want to give a user the right to only run reports? This blog post will show how to create an SCCM report viewer role in the console.

A simple way to do this is to grant access to the Read-only Analyst role which will be enough to run a report but maybe you don’t want them to see all nodes and get lost in the console.

If you’re unfamiliar with role-based administration, we suggest you first read the Microsoft docs which explains the basics. It combines security roles, security scopes, and assigned collections to define the administrative scope for each administrative user. We’ll use this concept to create a new SCCM Report viewer role and then grant our administrative users rights to this role.

Create a Report Viewer Role in SCCM

Here’s what to do to achieve this:

  • Go to SCCM Console / Administration / Security / Security Roles
  • Right click on the Read-only Analysts security role
  • Select Copy
  • Go throught each node permission and keep only Run Reports and Read to YES
  • At the end, it should look like this :
SCCM report viewer role
  •  Click OK

Add user to the SCCM Report Viewer Role

We now need to add your administrative user to the role you just created

If your Administrative user is already in the console :

  • Go to SCCM Console / Administration / Security / Administrative Users
  • Right-click your Administrative user you want to add to the Report viewer role and select Properties
SCCM report viewer role
  • Click the Security Role tabs and select the Report Viewer Role
SCCM report viewer role

If your user is not already in the console

IF this is for a new user that didn’t have any access to the SCCM Console

  • Go to SCCM Console / Administration / Security / Administrative Users
  • Right-Click Administrative User and select Add User or Group
SCCM report viewer role
  • Click on Browse and select the user you want to add to the security role
  • Click on Add and select the Report Viewer role you created in the first step
  • Select the desired security scope option
SCCM report viewer role

You can now install the SCCM console on the user account or use the web portal to access the reports.

Comments (2)

latrenda rohde

02.25.2020 AT 02:10 PM
I no longer want my administrar this person has added service I didnot approve steal money change my permission.I want them off I no longer want micro soft services and no longer want this administrar I want to press charges against this person remove them asp they have commute a criminal. act and I'm pressing charge

Neil Clinch

07.26.2018 AT 02:24 PM
The picture is inconsistent with the statement "Go throught(sic) each node and keep only Run Reports and Read to YES". Can you clean this article up or combine it with the Report Administrator article. I love the site! Thanks,