Jay Paloma's Tech and Music Blog

Sometimes, this writer can no longer distinguish between the two.

Configuration Manager RBAC – Security Scopes

with one comment

Security roles in Configuration Manager answer the question Where could the operation be done?

There are two built-in security scopes: All and Default. All is not assignable to any object. Default is initially assigned to new objects. It can be removed later on if the object is assigned another security scope.

You can assign security scopes to the following objects:

  • Alert subscriptions
  • Applications
  • Boot images
  • Boundary groups
  • Configuration items
  • Custom client settings
  • Distribution points and distribution point groups
  • Driver packages
  • Global conditions
  • Migration jobs
  • Operating system images
  • Operating system installation packages
  • Packages
  • Queries
  • Sites
  • Software metering rules
  • Software update groups
  • Software updates packages
  • Task sequence packages
  • Windows CE device setting items and packages

Examples of security scope applications

  • Security scopes for test and production applications.
  • Security scopes for different groups in the organization that are administered by a different team.
  • If different Sites are intended to be administered by different teams, create a security scope per site, and assign it to the respective teams.

Security scopes can be customized based on how they are intended to be applied. Ensure that your security scope design is simple as possible so as not to subject unnecessary load onto the Configuration Manager databases

Reference: http://technet.microsoft.com/en-us/library/gg712284.aspx#BKMK_PlanningForRBA


Written by jpaloma

January 11, 2015 at 9:57 PM

Posted in Microsoft

Tagged with ,

One Response

Subscribe to comments with RSS.

  1. […] Part 3: Configuration Manager RBAC – Security Scopes […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: