RBA Security Role OSD Manager does not have Access to Create TS

3

In this post, I’ll provide few tips to resolve some common issues with build-in security role “Operating System Deployment Manager” (OSD Manager) assignments in ConfigMgr 2012. More Details about Role-Based Administration here (RBA).

image

OSD Managers are not able to view “Task Sequence” and unable to create Task Sequence.

Yes, we can easily make out that this could be because of some Security Scope. But how to rectify? Because I don’t want local administrators to edit Global Task Sequence. So no extra permissions.

Setup

I’ve two administrative groups (OSD Manager India and OSD Manager SGP) assigned to build in security role “Operating System Deployment Manager”. One is for India admins and other is for Singapore admins.

All the OSD related packages are global packages and assigned to the Scope “Global”.

They’ve access to their respective primary servers. I’ve created two scopes “India” and “Singapore”. These scopes are assigned to appropriate objects.

You can see the details of “OSD Manager India” administrative user from the following picture.

Security Role = Operating System Deployment Manager

Security Scopes and Collections = All India Systems, All India User Collection and India

imageimage

Issue/Problem

1. “OSD Manager India” is not able to view “Task Sequence” available. Result panel shows “No Item Found”.

Same issue is for “Operating System Images” and “Boot Images” etc.

image

2. “OSD Manager India” is not able to create “Task Sequence”. (obviously, because the boot image and Operating System Image are not available)

Resolution

1. Open up ConfigMgr 2012 Console, Navigate through Administration –> Security –> Administrative Users –> OSD Manager India.

image

2. Right Click on “OSD Manager India” administrative User and click on Properties.

3. Go to second tab “Security Roles” and Click on “Add” button at the bottom to add new security role “Read Only Analyst

imageimage

4. Go to “Security Scopes” tab and Select the option called “Associate Assigned Security Roles with Specific Security Scopes and Collections”

image

5. Click on “Read-Only Analyst” security role and “Edit”

image

6. Removed the security Scope called “India”

image

7. Added security Scope called “Default”. Why? Will this give more rights to the OSD Manager India ? NO. It won’t because, we allow ONLY “Read-Only Analyst” access to “OSD Manager India” user. How we can do that associate ? associate “Read-Only Analyst” role with “Default” security Scope. Click OK button two times.

image

image

Results

Launch Console with “OSD Manager India”.

1. “Task Sequence” is viewable

image

2. “OSD Manager India” don’t have EDIT option for global “Task Sequence”.

image

3.  “OSD Manager India” user can create “Deployments”

image

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.