Upravit

Sdílet prostřednictvím


Get-CMSecurityRolePermission

Get the permissions for the specified security role.

Syntax

Get-CMSecurityRolePermission
   -Name <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]
Get-CMSecurityRolePermission
   -Id <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]
Get-CMSecurityRolePermission
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]

Description

Use this cmdlet to get the permissions for the specified security role. For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.

If your account doesn't have permissions to view security roles in the site, this cmdlet returns no results.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Get permissions for a specific role

This example first gets an object for the built-in security role Application author in the variable $role. It then passes that object to the Get-CMSecurityRolePermission cmdlet, and saves the list of permissions in the $rolePermission variable.

$roleName = "Application author"
$role = Get-CMSecurityRole -Name $roleName
$rolePermission = $role | Get-CMSecurityRolePermission

Example 2: View classes for a specific role

This example is similar to the previous example, but filters and sorts the results differently. It only displays the class names to which the role has permissions, and sorts the list alphabetically.

$rolePermission | Select-Object ObjectTypeDisplayName | Sort-Object -Property ObjectTypeDisplayName

Parameters

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Id

Specify the ID of the security role to get its permissions. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.

To view all roles and IDs for the site, use the following command:

Get-CMSecurityRole | Select-Object RoleID, RoleName

Type:String
Aliases:RoleId
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specify a security role object to get its permissions. To get this object, use the Get-CMSecurityRole cmdlet.

Type:IResultObject
Aliases:SecurityRole
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specify the name of the security role to get its permissions.

Type:String
Aliases:RoleName
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:True

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

IResultObject[]

IResultObject

Notes

The return object is the RoleOperation class, which includes an instance of the SMS_ARoleOperation class. For more information, see SMS_ARoleOperation server WMI class.