In SCOM 2007 R2 you can easily restrict what someone can see when they launch the SCOM console.
SCOM 2007 R2 comes with built in roles, you may have seen them Administration, Security, User Roles. Whats that you say? You can’t use these because the users you want to grant access should only get specific server like SQL only and they give access to everything? Well don’t worry I am going to explain how to get around this.
Go to Administration Tab : User Roles
Pick a type that has the level of access you are looking for and then right click on Users Roles and New User Role to create a new role.
General Properties : Here you can give your role a name, description and add members to it.
I suggest adding AD groups and not individual users but it’s your environment so you decide.
Restricting the SCOPE and VIEWS for the User Profile
Group Scope : This is the first part of putting restriction in place. Here you define what groups of objects you want the user to be able to affect.
Tasks: You can approve all or only specific tasks you want this user role to be able to run.
Views: This is the second part of putting a restriction in place. Here you can pick specific branches of your monitoring tree and that’s all this user role will be able to see.
Now your console may look something like this for a UPS operator…