Role Based Access Control in SCCM 2012


Today , Let us Talk about a new Feature in SCCM 2012 , Role Based Access Control . This is a Amazing new feature . Details are discussed below :


Before we start with the lab , we should know what exactly in RBAC in SCCM . By using RBAc feature we can give specific access level to a user or a group. Let us say that we want a group of users to have access to reports only and he should not be able to do anything else / modify anything in SCCM , then we will use RBAC to create such access .

In this example , we will create a group and then add a user to it . then we will create a new access in SCCM who will not have access to even read Migration Jobs in SCCM .

Step 1 : Create a Active Directory Group :

I created a Group in \Active Directory and named it as Abheek Demo . After you have created the group , add a member to it .

SCCM Group

Add member to this group :

Add User

Now that we have created a group in Active Directory , added a user to it , let us move to SCCM Server :

Go to Administration and then Security Roles:


Now to create a new Access role in SCCM right click on any of the access roles and then click copy role


In the Permissions , set the following :


Now , Go to Administrative users and then create / Add new user or group and fill in the credentials .


Now Add the Ad group and the role that we have created in the above post and then click ok.

Now log into the SCCM Using the user who is a part of that Group .


See the below figure , you cannot see the Migration jobs here :


Now login as admin and you can see the Migration Jobs :


Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: