New Console Objects…
Administrative Users = Users and Groups that have admin rights in ConfigMgr
Security Roles = Role based permissions in ConfigMgr
Security Scopes = Securable Objects in ConfigMgr
Now lets take a quick glance on how it actually looks like:
We are going to setup a Packaging role and see the console difference after.
1) Full console access for an Administrator
2) Select Security & Permissions –> Right Click add user or group
3) Select Packaging Group or user from AD and click next
4) add the user to the Application Deployment Role and click next
5) on the security scope screen select user can see all objects and click next. (We will limit this later)
6) on the summary screen click next
7) Click close on the confirmation screen
8) Our user has console access and is limited to applications only lets go one step further and limit which applications the users in this group can see by adding a security scope to the security role.
9) Right click the user we just added select Properties and click Security Scopes, We are going to add a security scope we previously created.
10) Select the second radio button add our Custom Security Scope, Remove the default security scope and click apply
11) Below is a quick view of what you would see if you had access to all packages.
12) Below is a screenshot of what one of our Packaging team members consoles looks like. As you can see the list of Packages have decreased due to our security scope that has been assigned to our security role.
Loading. . .
╔════════════════╗
║████████████ 99.99%
╚════════════════╝
