external help file | Module Name | ms.date | online version | schema |
---|---|---|---|---|
AdminUI.PS.dll-Help.xml |
ConfigurationManager |
12/21/2021 |
2.0.0 |
Configure a security role with specific permissions.
Set-CMSecurityRolePermission -InputObject <IResultObject> -RolePermission <Hashtable>
[-DisableWildcardHandling] [-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]
Set-CMSecurityRolePermission -Id <String> -RolePermission <Hashtable> [-DisableWildcardHandling]
[-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]
Set-CMSecurityRolePermission -Name <String> -RolePermission <Hashtable> [-DisableWildcardHandling]
[-ForceWildcardHandling] [-WhatIf] [-Confirm] [<CommonParameters>]
Use this cmdlet to configure a security role with specific permissions. For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>
. For more information, see getting started.
This example first gets an object for the security role Contoso custom role in the variable $role. It then creates a hashtable of allowed operations, or permissions, in the $ops variable. These permissions include the following operations:
- Create and delete boundaries
- Read applications
- Modify alert subscriptions, including set security scope
The example then uses the Set-CMSecurityRolePermission cmdlet to set the specified permissions on the specified security role.
$roleName = "Contoso custom role"
$role = Get-CMSecurityRole -Name $roleName
$ops = @{
Boundaries = "Create,Delete";
Application="Read";
"Alert Subscription"="Modify,Set Security Scope"
}
$role | Set-CMSecurityRolePermission -RolePermission $ops
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specify the ID of the security role to configure its permissions. This value is the RoleID
property, for example SMS000AR
for the OS Deployment Manager role.
Type: String
Parameter Sets: SearchById
Aliases: RoleId
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specify a security role object to configure its permissions. To get this object, use the Get-CMSecurityRole cmdlet.
Type: IResultObject
Parameter Sets: SearchByValue
Aliases: SecurityRole
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Specify the name of the security role to configure its permissions.
Type: String
Parameter Sets: SearchByName
Aliases: RoleName
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: True
Specify a hashtable of allowed operations, or permissions, for the target role. The first value of the hashtable is the class name, and the second value is an array of permission names.
For an example, see Example 1.
Type: Hashtable
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.