Set-CMSecurityRolePermission
Configure a security role with specific permissions.
Syntax
Set-CMSecurityRolePermission
-InputObject <IResultObject>
-RolePermission <Hashtable>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMSecurityRolePermission
-Id <String>
-RolePermission <Hashtable>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Set-CMSecurityRolePermission
-Name <String>
-RolePermission <Hashtable>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Use this cmdlet to configure a security role with specific permissions. For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1
This example first gets an object for the security role Contoso custom role in the variable $role. It then creates a hashtable of allowed operations, or permissions, in the $ops variable. These permissions include the following operations:
- Create and delete boundaries
- Read applications
- Modify alert subscriptions, including set security scope
The example then uses the Set-CMSecurityRolePermission cmdlet to set the specified permissions on the specified security role.
$roleName = "Contoso custom role"
$role = Get-CMSecurityRole -Name $roleName
$ops = @{
Boundaries = "Create,Delete";
Application="Read";
"Alert Subscription"="Modify,Set Security Scope"
}
$role | Set-CMSecurityRolePermission -RolePermission $opsParameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Specify the ID of the security role to configure its permissions. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.
| Type: | String |
| Aliases: | RoleId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Specify a security role object to configure its permissions. To get this object, use the Get-CMSecurityRole cmdlet.
| Type: | IResultObject |
| Aliases: | SecurityRole |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Specify the name of the security role to configure its permissions.
| Type: | String |
| Aliases: | RoleName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | True |
-RolePermission
Specify a hashtable of allowed operations, or permissions, for the target role. The first value of the hashtable is the class name, and the second value is an array of permission names.
For an example, see Example 1.
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
System.Object