Use this cmdlet to add a security role to an administrative user or administrative group in Configuration Manager.
Permissions defined in a role represent object types and actions available for each object type.
Configuration Manager provides some built-in security roles.
You can also create custom security roles.
For more information about security roles, see Fundamentals of role-based administration in Configuration Manager.
You can specify an administrative user or group by name or by ID or you can use the use the Get-CMAdministrativeUser cmdlet to get a user or group object. An administrative user in Configuration Manager defines a local or domain user or group.
You can specify a role to add by name or by ID, or you can use the Get-CMSecurityRole cmdlet to get a role.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1: Add custom security role to a domain user group
This command adds the custom security role SecurityRole17 for the domain group Western Administrators. This command assumes that you already created the custom security role and the administrative user.
Specify an administrative user object to configure. To get this object, use the Get-CMAdministrativeUser cmdlet.
Parameter properties
Type:
IResultObject
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
AddRoleToAdminById_Object
Position:
Named
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByName_Object
Position:
Named
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByObject_Object
Position:
Named
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-AdministrativeUserId
Specify the ID of the administrative user to configure. This value is the AdminID property, which is an integer value. For example, 16777234.
Parameter properties
Type:
Int32
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
AddRoleToAdminById_Id
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByName_Id
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByObject_Id
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-AdministrativeUserName
Specify the name of the administrative user to configure.
You can use wildcard characters:
*: Multiple characters
?: Single character
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
AddRoleToAdminByName_Name
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminById_Name
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByObject_Name
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
cf
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-InputObject
Specify a security role object to add. To get this object, use the Get-CMSecurityRole cmdlet.
Parameter properties
Type:
IResultObject
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
Role
Parameter sets
AddRoleToAdminByObject_Object
Position:
Named
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByObject_Id
Position:
Named
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByObject_Name
Position:
Named
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RoleId
Specify the ID of the security role to add. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
AddRoleToAdminById_Object
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminById_Id
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminById_Name
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RoleName
Specify the name of the security role to add.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
AddRoleToAdminByName_Name
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByName_Object
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
AddRoleToAdminByName_Id
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.