SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr

SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr. SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr.

In this post, I’ll provide a few tips to resolve some common issues with build-in security role “Operating System Deployment Manager” (OSD Manager) assignments in ConfigMgr 2012.

SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr

SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr
SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr

OSD Managers are not able to view “Task Sequence” and are unable to create Task Sequence.

Yes, we can easily make out that this could be because of some Security Scope. But how to rectify? Because I don’t want local administrators to edit Global Task Sequence. So no extra permissions.

Patch My PC

Setup

I’ve two administrative groups (OSD Manager India and OSD Manager SGP) assigned to build in security role “Operating System Deployment Manager”. One is for India admins and the other is for Singapore admins.

All the OSD-related packages are global packages and assigned to the Scope “Global”.

They’ve access to their respective primary servers. I’ve created two scopes “India” and “Singapore”. These scopes are assigned to appropriate objects.

You can see the details of the “OSD Manager India” administrative user from the following picture.

Adaptiva

Security Role = Operating System Deployment Manager

Security Scopes and Collections = All India Systems, All India User Collection, and India

SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr
SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr
SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr
SCCM RBAC Security Role OSD Manager does not have Access to Create TS ConfigMgr

Issue/Problem

1. “OSD Manager India” is not able to view “Task Sequence” available. The Result panel shows “No Item Found”.

The same issue is for “Operating System Images” and “Boot Images” etc.

image

2. “OSD Manager India” is not able to create “Task Sequence”. (obviously, because the boot image and Operating System Image are not available)

Resolution

1. Open up ConfigMgr 2012 Console, Navigate through Administration –> Security –> Administrative Users –> OSD Manager India.

image

2. Right-click on the OSD Manager India” administrative User and click on Properties.

3. Go to the second tab “Security Roles” and click on the “Add” button at the bottom to add the new security role “Read Only Analyst

image
image

4. Go to the “Security Scopes” tab and select the option called “Associate Assigned Security Roles with Specific Security Scopes and Collections”

image

5. Click on the “Read-Only Analyst” security role and “Edit”

image

6. Removed the security Scope called “India”

image

7. Added security Scope called “Default”. Why? Will this give more rights to the OSD Manager India? NO. It won’t because we allow ONLY “Read-Only Analyst” access to the “OSD Manager India” users. How we can do that associate? associate “Read-Only Analyst” role with “Default” security Scope. Click the OK button two times.

image
image

Results

Launch Console with “OSD Manager India”.

1. “Task Sequence” is viewable

image

2. “OSD Manager India” doesn’t have an EDIT option for global “Task Sequence”.

image

3.  “OSD Manager India” user can create “Deployments”

image

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.