Note:: Server Admins user dont have any access to these devices Remote Tools Operator, Application Deployment Manager, Application Author and Application Administrator. 3) Scopes Summary tab will help you to perform the audit on security scopes assigned to a particular users in the Hierarchy.The RBA modeling tool can help you to create a custom security role and export it.The auditing of security roles and security scopes is also possible through RBA Viewer (RBAViewer.exe).
Have you ever played with RBAViewer.exe If not, start using it Looking for Intune RBAC I would recommend reading following post Microsoft Documents In this post, I m trying to explore RBA Viewer in some more details. How it can be used more effectively The documentation provided with this toolkit is excellent ( ToolkitHelp ), however, Ive seen that lot of us never look into those documentations.This is continuation of the my post about Policy Spy. RBA modeling and auditing tool is part of ConfigMgr Toolkit and can be downloaded from the This LINK. Note:: You can use this tool only on is the machine where SCCM console is installed. To run this tool user has to be assigned to any one of the following security role Full Administrator, Read-only Analyst or Security Administrator. Also, the user has to be assigned to All security scope and All collections. To analyze report folder and reports, user must have SQL rights. Three very useful buttons on left top corner of the tool Audit RBA, Run As and Setting. Following topics are covered in this post CREATE, CUSTOMIZE, TEST and EXPORT Security Roles Audit RBA Entire Hierarchy Run As Audit RBA configuration for a specific user CREATE, CUSTOMIZE, TEST and EXPORT Security Roles You can select built-in security roles from Security Roles drop down menu. Using RBA viewer, you can CREATE, CUSTOMIZE, TEST and EXPORT security roles. In the following pic, you can see that new Remote Tool operator role has selected. You can customize this security role as per the requirement with the help of RBA tool. This can be done very easily by selectingdeselecting check marks as shown in the following pic. Once you have customized the role as per the requirement, you can even test the same with the help of RBA tool. ![]() Once youve done with the validation of the console and reports, you can export the new security role into a XML file and IMPORT the same for the production use. Audit RBA Entire Hierarchy SCCM RBAC The Audit RBA button on the top left corner of the tool can be used to perform Audit for all Existing Administrative UsersCollections HierarchySecurity scopes in Configuration Manager. User Summary tab will help you to audit the rights of a particular user. In the following pic, we can see the access details of a user Called Server Admins. In my scenario, Server Admins user is having access to all the devices in a collection named All Server Clients. And Server Admins are Application Author, Application Administrator and Software Update Manager with respect to All Server Clients collection. Collection Summary tab will help you to audit the permissions of a particular user with respect to a Collection. In the following pic, we can see the access details of a user Called Desktop Admins in a collection named All Desktop Clients. In my scenario, Desktop Admins can take remote control of the devices, Deploy applications to those devices in the collection All Desktop Clients. Also, the user Desktop Admins is Application Author and Application administrator for those devices. Note:: Server Admins user dont have any access to these devices Remote Tools Operator, Application Deployment Manager, Application Author and Application Administrator. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |