If you’ve tinkered with security roles for role-based administration in System Center 2012 Configuration Manager, you might have noticed that there are a ton of permissions and permission groups involved. This is most evident when you copy a built-in security group to modify for your own use. Keeping straight which roles use which permissions, and from which permission groups is a bit nutty.
To help me sort these combinations, I compiled a matrix of the built-in security roles, the permission groups each role uses, and the individual permissions for each group for each role, and thought I’d share it in the hopes it brings value to others.
Is this spreadsheet going to answer your questions about when to use a specific permission from a specific group to grant some level of access? Unfortunately not. That’s beyond the current information available to me.
I’ve uploaded a copy of my spreadsheet at the Gallery on TechNet, and you can find it at the following link. I’ll point out here that this is offered ‘as is’, with no guarantees for expansion or revisions.
On the TechNet Gallery: http://gallery.technet.microsoft.com/Matrix-of-Role-Based-d6318b96
- Brent Dunsire
This posting is provided "AS IS" with no warranties and confers no rights.
Thanks for the sheet but I do not understand at all what the sheet "Full List of Permissions" wants to tell me. The sheet "Permissions by Security Role" is exactly what I was looking for but seems to be buggy. For instance, according to the sheet an Asset
Manager or a Software Update Manager have permissions to create or delete a site. This is of course not the case.
I also downloaded the spreadsheet and it's nice to have a list, but I do have to agree with Jo, your list doesn't appear to be correct. I wish MS would put a guide out somewhere telling you exactly what each things requires as even using RBAViewer it's
not easy at all to figure out which check box is needed to allow someone to do something, as it doesn't work and under that site even though it's checked.