Restricting what Opsmgr users can see in the console

In SCOM 2007 R2 you can easily restrict what someone can see when they launch the SCOM console.

SCOM 2007 R2 comes with built in roles, you may have seen them Administration, Security, User Roles. Whats that you say? You can’t use these because the users you want to grant access should only get specific server like SQL only and they give access to everything? Well don’t worry I am going to explain how to get around this.

 Go to Administration Tab : User Roles

Pick a type that has the level of access you are looking for and then right click on Users Roles and New User Role to create a new role.

General Properties : Here you can give your role a name, description and add members to it.

I suggest adding AD groups and not individual users but it’s your environment so you decide.

Restricting the SCOPE and VIEWS for the User Profile

Group Scope : This is the first part of putting restriction in place. Here you define what groups of objects you want the user to be able to affect.

Tasks: You can approve all or only specific tasks you want this user role to be able to run.

Views:  This is the second part of putting a restriction in place. Here you can pick specific branches of your monitoring tree and that’s all this user role will be able to see.

Now your console may look something like this for a UPS operator…

Console

Advertisements
This entry was posted in Misc Stuff and tagged , , , , , , , , , . Bookmark the permalink.

One Response to Restricting what Opsmgr users can see in the console

  1. FoxDeploy says:

    This is one of the top results for ‘restricting a user in SCOM’. As a fellow WordPress blogger, you might want to revisit this for SCOM 2012 and maybe make a longer, walkthrough version of this post. Could be good traffic for you!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s