Set-CMSecurityRolePermission
Configure a security role with specific permissions.
Syntax
SearchByValue (Default)
Set-CMSecurityRolePermission
-InputObject <IResultObject>
-RolePermission <Hashtable>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SearchById
Set-CMSecurityRolePermission
-Id <String>
-RolePermission <Hashtable>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SearchByName
Set-CMSecurityRolePermission
-Name <String>
-RolePermission <Hashtable>
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Use this cmdlet to configure a security role with specific permissions. For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1
This example first gets an object for the security role Contoso custom role in the variable $role. It then creates a hashtable of allowed operations, or permissions, in the $ops variable. These permissions include the following operations:
- Create and delete boundaries
- Read applications
- Modify alert subscriptions, including set security scope
The example then uses the Set-CMSecurityRolePermission cmdlet to set the specified permissions on the specified security role.
$roleName = "Contoso custom role"
$role = Get-CMSecurityRole -Name $roleName
$ops = @{
Boundaries = "Create,Delete";
Application="Read";
"Alert Subscription"="Modify,Set Security Scope"
}
$role | Set-CMSecurityRolePermission -RolePermission $ops
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Id
Specify the ID of the security role to configure its permissions. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RoleId |
Parameter sets
SearchById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InputObject
Specify a security role object to configure its permissions. To get this object, use the Get-CMSecurityRole cmdlet.
Parameter properties
| Type: | IResultObject |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecurityRole |
Parameter sets
SearchByValue
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specify the name of the security role to configure its permissions.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | True |
| DontShow: | False |
| Aliases: | RoleName |
Parameter sets
SearchByName
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RolePermission
Specify a hashtable of allowed operations, or permissions, for the target role. The first value of the hashtable is the class name, and the second value is an array of permission names.
For an example, see Example 1.
Parameter properties
| Type: | Hashtable |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet doesn't run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.