For each collection, you could use Groups in AD and do a query based collection....
Michael Dzikowski Senior Systems Engineer | Ally Technical Infrastructure - Windows Hosting [cid:[email protected]] From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Owen Sent: Thursday, January 23, 2014 12:56 PM To: [email protected] Subject: Re: [mssms] Role based access question: how to handle Software Distribution Collections Does anyone else have any advice on handling RBAC in this situation? On Thu, Jan 23, 2014 at 11:21 AM, Stephen Owen <[email protected]<mailto:[email protected]>> wrote: Thanks Jason. The thing is that I have already created collections and advertisements for each application we deploy, and local IT will just need to put computers in those collections for distribution. Do you have any thoughts on how to allow them to place comuters in these collections in a simple manner? On Thu, Jan 23, 2014 at 11:11 AM, King, Jason <[email protected]<mailto:[email protected]>> wrote: You can create a Security Scope for each Local IT and Limit their access to ONLY the collections that have their PC in them. Then you can scope any application to the group that is allowed to use it but they should only be able to see the users/computers you set the limiting collection to be . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jason King | Solutions Design Team From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Stephen Owen Sent: Thursday, January 23, 2014 10:38 AM To: [email protected]<mailto:[email protected]> Subject: [mssms] Role based access question: how to handle Software Distribution Collections Hello all, For a client, we have a number of small offices with a local IT resource in charge of the systems there, something thing 45 offices. We've created query based collections to limit the local IT to seeing only their computers in the console, and this is working fine. However, we also have a large number of Software Distribution collections, and we want local IT to be able to place the users in those collections to deploy software. How do I allow the local IT user to do so, without having to manually add Application Deployment Manager to each one of these collections, for each one of the offices? Is there a better way? One big concern is that if I give them Application Deployment Manager to the Adobe Professional Collection, I don't want them to see other regions computers. Thanks, ________________________________ CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy & Security page on www.henryford.com<http://www.henryford.com> for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us.
<<inline: image001.png>>
