A.Kassem Posted October 18, 2017 Report post Posted October 18, 2017 We want to deny SCCM users " Service Desk team " from adding devices to software collection to be read only to stop anyone from deploying unapproved software for any user .In addition we want those users to be able to add devices to OS deployment collection to be able to deploy task sequences for devices in our domain .How can we manage permission for Software collections only ? Quote Share this post Link to post Share on other sites More sharing options...
gavin1973 Posted October 21, 2017 Report post Posted October 21, 2017 Under Administration - Security you have the ability to assign roles and security scopes. In my own environment I have our service desk staff assigned the role of 'Read-only Analyst' but you can also take this further by copying a role and modifying it to suit what ever needs you require. Taking this one step further you create/assign security scopes effectively locking users down to only the collections that you want them to access. Quote Share this post Link to post Share on other sites More sharing options...
