The user needs permissions to the site object in a security scope assigned to him and needs read on the collection that the collection he is importing to is limited to.
That last sentence is a somewhat complicated technically accurate way of saying the user needs access to the parent collection of the collection he is importing to. Hth Sent from my Windows Phone ________________________________ From: Mote, Todd<mailto:[email protected]> Sent: 10/10/2014 19:37 To: [email protected]<mailto:[email protected]> Cc: '[email protected]'<mailto:[email protected]> Subject: [mssms] RBAC and import computer So I’m trying to set up a user account that will be used in a script to be able to import computer information. Using the RBA Viewer, I worked out a set that RBA Viewer says works. When I actually go and put the same scope, user, and collections together and open the console as the user, I get different results from what the RBA viewer tells me I should see. SCCM 2012 R2 CU2. The rights I’ve granted are essentially read only-analyst (from Brian) plus in the Collection section I’ve added Modify, Modify Resource, Delete Resource, and in the Site section added Import Machine. Like I said, RBA Viewer using RunAs for the same user produces different results than when I open the console as the user. Any ideas, or have I left something out I need? Todd
