Get-CMSecurityRolePermission
Get the permissions for the specified security role.
Syntax
Get-CMSecurityRolePermission
-Name <String>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Get-CMSecurityRolePermission
-Id <String>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Get-CMSecurityRolePermission
-InputObject <IResultObject>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Use this cmdlet to get the permissions for the specified security role. For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.
If your account doesn't have permissions to view security roles in the site, this cmdlet returns no results.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Get permissions for a specific role
This example first gets an object for the built-in security role Application author in the variable $role. It then passes that object to the Get-CMSecurityRolePermission cmdlet, and saves the list of permissions in the $rolePermission variable.
$roleName = "Application author"
$role = Get-CMSecurityRole -Name $roleName
$rolePermission = $role | Get-CMSecurityRolePermissionExample 2: View classes for a specific role
This example is similar to the previous example, but filters and sorts the results differently. It only displays the class names to which the role has permissions, and sorts the list alphabetically.
$rolePermission | Select-Object ObjectTypeDisplayName | Sort-Object -Property ObjectTypeDisplayNameParameters
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Specify the ID of the security role to get its permissions. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.
To view all roles and IDs for the site, use the following command:
Get-CMSecurityRole | Select-Object RoleID, RoleName
| Type: | String |
| Aliases: | RoleId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specify a security role object to get its permissions. To get this object, use the Get-CMSecurityRole cmdlet.
| Type: | IResultObject |
| Aliases: | SecurityRole |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Specify the name of the security role to get its permissions.
| Type: | String |
| Aliases: | RoleName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
IResultObject[]
IResultObject
Notes
The return object is the RoleOperation class, which includes an instance of the SMS_ARoleOperation class. For more information, see SMS_ARoleOperation server WMI class.