jskfan

Script Roles in SCCM

In SCCM there are 3 roles when it comes to using scripts:

    Script Runners
    Script Authors
    Script Approvers

I would like to know where in SCCM you create those roles?

Thank you
SCCM

Last Comment
jskfan

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Sean Bravener

Hello There

See the section "Create security roles for scripts":
https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-deploy-scripts

The three security roles used for running scripts aren't created by default in Configuration Manager. To create the script runners, script authors, and script approvers roles, follow the outlined steps.
1. In the Configuration Manager console, go to Administration > Security > Security Roles.
2. Right-click on a role and click Copy. The role you copy has permissions already assigned. Make sure you take only the permissions that you want.
3. Give the custom role a Name and a Description.
4. Assign the security role the permissions outlined below.

How to set up roles:
Role Name: Script Runners
Description: These permissions enable this role to only run scripts that were previously created and approved by other roles.
Permissions: Ensure the following are set to Yes.
Collection - Run Script - Yes
Site - Read - Yes
SMS Scripts - Read - Yes

Role Name: Script Authors
Description: These permissions enable this role to author scripts, but they can’t approve or run them.
Permissions: Ensure the following permissions are set.
Collection - Run Script - No
Site - Read - Yes
SMS Scripts - Create - Yes
SMS Scripts - Read - Yes
SMS Scripts - Delete - Yes
SMS Scripts - Modify - Yes

Role Name: Script Approvers
Description: These permissions enable this role to approve scripts, but they can’t create or run them.
Permissions: Ensure the following permissions are set.
Collection - Run Script - No
Site - Read - Yes
SMS Scripts - Read - Yes
SMS Scripts - Approve - Yes
SMS Scripts - Modify - Yes
https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-deploy-scripts
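
An added example, not part of the original answer or of Microsoft's documentation: a PowerShell check that compares the permissions on each custom role against the lists above and reports anything left over from the copied source role (step 2). The `$Actual` data is constructed sample input and `Compare-ScriptRole` is a hypothetical helper name; it calls no Configuration Manager cmdlets, so the real permissions have to be transcribed from the console.

```powershell
# Expected permissions per role, transcribed from the answer above.
$Expected = @{
    'Script Runners'   = @('Collection:Run Script', 'Site:Read', 'SMS Scripts:Read')
    'Script Authors'   = @('Site:Read', 'SMS Scripts:Create', 'SMS Scripts:Read',
                           'SMS Scripts:Delete', 'SMS Scripts:Modify')
    'Script Approvers' = @('Site:Read', 'SMS Scripts:Read', 'SMS Scripts:Approve',
                           'SMS Scripts:Modify')
}

# Constructed sample: permissions found on each custom role after copying a
# built-in role. Replace with what the console shows for your own roles.
$Actual = @{
    'Script Runners'   = @('Collection:Run Script', 'Collection:Read', 'Site:Read',
                           'SMS Scripts:Read')
    'Script Authors'   = @('Site:Read', 'SMS Scripts:Create', 'SMS Scripts:Read',
                           'SMS Scripts:Modify')
    'Script Approvers' = @('Site:Read', 'SMS Scripts:Read', 'SMS Scripts:Approve',
                           'SMS Scripts:Modify', 'Collection:Run Script')
}

function Compare-ScriptRole {
    param([hashtable]$Expected, [hashtable]$Actual)
    foreach ($role in ($Expected.Keys | Sort-Object)) {
        if (-not $Actual.ContainsKey($role)) {
            [pscustomobject]@{ Role = $role; Finding = 'Role missing'; Permission = $null }
            continue
        }
        # Extra permissions are typically inherited from the role that was copied.
        foreach ($p in ($Actual[$role] | Where-Object { $_ -notin $Expected[$role] })) {
            [pscustomobject]@{ Role = $role; Finding = 'Extra'; Permission = $p }
        }
        # Missing permissions mean the role cannot do its intended job.
        foreach ($p in ($Expected[$role] | Where-Object { $_ -notin $Actual[$role] })) {
            [pscustomobject]@{ Role = $role; Finding = 'Missing'; Permission = $p }
        }
    }
}

Compare-ScriptRole -Expected $Expected -Actual $Actual | Format-Table -AutoSize
```

With the sample data this reports `Collection:Read` as extra on Script Runners, `SMS Scripts:Delete` as missing on Script Authors, and `Collection:Run Script` as extra on Script Approvers, the last of which would let an approver also run scripts.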
jskfan

ASKER
Thank you Guys...
I want to know: after you create a role and assign permissions to it, do you then have to add that role to a collection or an Application Security tab to determine who can do what on that collection or application?

For instance if you want some Roles to be able to install Applications or Deploy Updates on certain Collections only but not on other collections.


- I know for scripts, there is no tab. The roles you create will apply to every script you create.
jskfan

ASKER
I will come back to this topic next time I reset the LAB
Thank you