In this post, I’ll provide few tips to resolve some common issues with build-in security role “Operating System Deployment Manager” (OSD Manager) assignments in ConfigMgr 2012. More Details about Role-Based Administration here (RBA).
OSD Managers are not able to view “Task Sequence” and unable to create Task Sequence.
Yes, we can easily make out that this could be because of some Security Scope. But how to rectify? Because I don’t want local administrators to edit Global Task Sequence. So no extra permissions.
I’ve two administrative groups (OSD Manager India and OSD Manager SGP) assigned to build in security role “Operating System Deployment Manager”. One is for India admins and other is for Singapore admins.
All the OSD related packages are global packages and assigned to the Scope “Global”.
They’ve access to their respective primary servers. I’ve created two scopes “India” and “Singapore”. These scopes are assigned to appropriate objects.
You can see the details of “OSD Manager India” administrative user from the following picture.
Security Role = Operating System Deployment Manager
Security Scopes and Collections = All India Systems, All India User Collection and India
1. “OSD Manager India” is not able to view “Task Sequence” available. Result panel shows “No Item Found”.
Same issue is for “Operating System Images” and “Boot Images” etc.
2. “OSD Manager India” is not able to create “Task Sequence”. (obviously, because the boot image and Operating System Image are not available)
1. Open up ConfigMgr 2012 Console, Navigate through Administration –> Security –> Administrative Users –> OSD Manager India.
2. Right Click on “OSD Manager India” administrative User and click on Properties.
3. Go to second tab “Security Roles” and Click on “Add” button at the bottom to add new security role “Read Only Analyst”
4. Go to “Security Scopes” tab and Select the option called “Associate Assigned Security Roles with Specific Security Scopes and Collections”
5. Click on “Read-Only Analyst” security role and “Edit”
6. Removed the security Scope called “India”
7. Added security Scope called “Default”. Why? Will this give more rights to the OSD Manager India ? NO. It won’t because, we allow ONLY “Read-Only Analyst” access to “OSD Manager India” user. How we can do that associate ? associate “Read-Only Analyst” role with “Default” security Scope. Click OK button two times.
Launch Console with “OSD Manager India”.
1. “Task Sequence” is viewable
2. “OSD Manager India” don’t have EDIT option for global “Task Sequence”.
3. “OSD Manager India” user can create “Deployments”