New-CMAdministrativeUserPermission
Create a permissions object to assign to an administrative user.
Syntax
New-CMAdministrativeUserPermission
[-Collection <IResultObject[]>]
[-CollectionId <String[]>]
[-CollectionName <String[]>]
-InputObject <IResultObject>
[-SecurityScope <IResultObject[]>]
[-SecurityScopeId <String[]>]
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] New-CMAdministrativeUserPermission
[-Collection <IResultObject[]>]
[-CollectionId <String[]>]
[-CollectionName <String[]>]
-RoleId <String>
[-SecurityScope <IResultObject[]>]
[-SecurityScopeId <String[]>]
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] New-CMAdministrativeUserPermission
[-Collection <IResultObject[]>]
[-CollectionId <String[]>]
[-CollectionName <String[]>]
-RoleName <String>
[-SecurityScope <IResultObject[]>]
[-SecurityScopeId <String[]>]
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Use this cmdlet to create a permissions object to assign to an administrative user in Configuration Manager. Permissions can include security roles, security scopes, or collections. An administrative user in Configuration Manager defines a local or domain user or group. For more information about security roles, see Fundamentals of role-based administration in Configuration Manager.
Use this permissions object with the New-CMAdministrativeUser cmdlet and its Permission parameter.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1
This example creates an object that defines the following permissions:
- Security role: Read-only Analyst
- Security scope: Scope1
- Collection: All Systems
It then creates a new administrative user for contoso\jqpublic and assigns these permissions. The last command displays the new user's permissions.
$accountName = "contoso\jqpublic"
$roleName = "Read-only Analyst"
$scopeName = "Scope1"
$collectionName = "All Systems"
$role = Get-CMSecurityRole -Name $roleName
$scope = Get-CMSecurityScope -Name $scopeName
$collection = Get-CMCollection -Name $collectionName
$perms = $role | New-CMAdministrativeUserPermission -RoleName $role.RoleName -SecurityScopeNames $scope.CategoryName -CollectionNames $collection.Name
$User = New-CMAdministrativeUser -Name $accountName -Permission $perms
$User.PermissionsParameters
-Collection
Specify an array of collection objects to add to the permissions. To get this object, use the Get-CMCollection cmdlet.
| Type: | IResultObject[] |
| Aliases: | Collections |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CollectionId
Specify an array of collection IDs to add to the permissions. This value is the CollectionID property, for example, SMS00001.
| Type: | String[] |
| Aliases: | CollectionIds |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CollectionName
Specify an array of collection names to add to the permissions.
| Type: | String[] |
| Aliases: | CollectionNames |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specify a security role object to add to the permissions. To get this object, use the Get-CMSecurityRole cmdlet.
| Type: | IResultObject |
| Aliases: | Role |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RoleId
Specify the ID of a security role to add to the permissions. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleName
Specify the name of a security role to add to the permissions.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SecurityScope
Specify a security scope object to add to the permissions. To get this object, use the Get-CMSecurityScope cmdlet.
| Type: | IResultObject[] |
| Aliases: | SecurityScopes |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SecurityScopeId
Specify the ID of a security scope to add to the permissions. This value is the CategoryID property, for example SMS00UNA for the Default scope.
| Type: | String[] |
| Aliases: | SecurityScopeIds |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SecurityScopeName
Specify the name of a security scope to add to the permissions.
| Type: | String[] |
| Aliases: | SecurityScopeNames |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
IResultObject
Notes
For more information on this return object and its properties, see SMS_APermission server WMI class.