We did this in 2007 but in 2012, they're wanting to go all Console. I think I'll be rolling a PowerShell GUI to help facilitate all of this.
Thanks, On Wed, Jan 8, 2014 at 9:21 AM, Sherry Kissinger <[email protected]>wrote: > Once someone has create or modify on a collection, they can change > anything. > > I suggest have a "front end" -- either a web page, or a powershell gui > (something like that) which those regional staff can use; you could keep it > simple "input computer names here" (and a separate one for usernames), and > trust they've already confirmed the exact computer name and the exact > username, or your could get as complex as you like on > verification--confirming the computer or user exists, confirming that the > user running the "add a computer" has the correct "rights" to manage that > particular computer or user. > > The web page does the actual adding using a service account--which has > rights to that collection. Basically, a "roll your own shopping". > > You could also look at all the various shopping addons for CM12--that's > pretty much what you are looking for. > > > Sherry Kissinger > Microsoft MVP - ConfigMgr > [email protected] > > ------------------------------ > *From:* Jason Wallace <[email protected]> > *To:* "[email protected]" <[email protected]> > *Sent:* Wednesday, January 8, 2014 7:32 AM > *Subject:* Re: [mssms] RBAC, is this possible? > > I really don’t think that you would be able to do this. > > http://gallery.technet.microsoft.com/Matrix-of-Role-Based-d6318b96 is a > very useful resource on RBAC, as is Chris Nacker’s blog > > Sent from Windows Mail > > *From:* Stephen Owen <[email protected]> > *Sent:* Wednesday, 8 January 2014 13:27 > *To:* [email protected] > > Hi all, > > My client would like to setup RBAC so that regional IT users are able to > add individual computers or users to a collection, but not create or modify > query-based collection membership queries, which I will be creating. > > I've not spent a lot of time with RBAC, do you know if this is possible? > > > Thanks! > > > > > >
