Jump to content


RBAC Question ???

Recommended Posts

I need to create a group of Users that can run all the pre-canned queries , but not modify or delete them. They need to be able to create their own queries and be able to modify and delete their own queries.


I need to create other groups with the same rights as stated above and neither group should be able to see one another's queries.

I would appreciate someone explaining in detail how to accomplish this.


Environment is SCCM 2012 R2 SP1


Thank you!

Share this post

Link to post
Share on other sites

I agree with Garth, what is the business need there? What are you trying to accomplish?


But ultimately you should be able to do this with a scope and role. Create a scope and role, assign the query permissions as applicable. You would probably want a couple of Roles and scopes, one role for read and one for write, one scope for read and then an individual scope for each group. Give the pre canned queries access to the read scope. Then assign the group to the write scope. That should allow them to create queries and edit them.


With this set up, other groups will only be able to read the queries created by the group if the group goes into their created query and assigns the read scope.


I would have to mess around with it, but just go in and start trying some things and see if you can get it to work for you.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...