Specific security permissions must be granted to manage VPN profiles |
You must have the following security permissions to manage company resource access settings, such as certificate profiles, Wi-Fi profiles, and VPN profiles:
To view and manage alerts and reports for VPN profiles: Create, Delete, Modify, Modify Report, Read, and Run Report permissions for the Alerts object. To create and manage certificate profiles: Author Policy, Modify Report, Read and Run Report permissions for the Certificate Profile object. To manage Wi-Fi, certificate, and VPN profile deployments: Deploy Configuration Policies, Modify Client Status Alert, Read, and Read Resource permissions for the Collection object. To manage all configuration policies: Create, Delete, Modify, Read and Set Security Scope permissions for the Configuration Policy object. To run queries that are related to VPN profiles: Read permission for the Query object. To view VPN profiles information in the Configuration Manager console: Read permission for the Site object. To view status messages for VPN profiles: Read permission for the Status Messages object. To create and modify the Trusted CA certificate profile: Author Policy, Modify Report, Read and Run Report permissions for the Trusted CA Certificate Profile object. To create and manage VPN profiles: Author Policy, Modify Report, Read, and Run Report permissions for the VPN Profile object. To create and manage Wi-Fi profiles: Author Policy, Modify Report, Read, and Run Report permissions for the Wi-Fi Profile object.
The Company Resource Access Manager security role includes these permissions that are required to manage VPN profiles in Configuration Manager. For more information, see the Configure Role-Based Administration section in the Configuring Security for Configuration Manager topic. |