Database Reference
In-Depth Information
How it works...
The default settings for access to System Center Configuration Manager reports is limited
to administrators and a number of feature-related security roles. This recipe provides with
the steps to grant users role access purely for report access either using the console or the
Report Manager website. The recipe is split into three subsections, and these subsections
can be broken down as follows:
•
Active Directory Group for reporting role
: The recommended practice is to use
Active Directory groups for security delegation. You can create the group that will
be mapped to the SCCM security role.
•
Creating the report only security scope
: There is no default security role for re-
porting only. In this subsection, you can create the default role for security using a
copy of the least privileged out-of-the box role (Read-only Analyst). The Read-
only Analyst role has the sole purpose of granting view-only access for all objects
in the SCCM console. You must remove the read access for categories not required
for reporting. The key categories you must configure are Read and Run reports for
the Site category and Read for the Collection category. The site option ensures the
reporting node is available and the collection category ensures reports that require
collection names as parameters can run. You must be delegated access to the col-
lections you select in the reports.
•
Add the Active Directory user group and configure the reporting scope
: The
steps in this subsection cover the final part of the reporting delegation. You can add
the administrative user for the reporting view by selecting an Active Directory
group or user. You can then select the relevant role, in this case, the custom report-
ing role, and finally, you can select the scope. The minimum requirement is the de-
fault security scope.
