\n
![\"create](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/06\/rbac-osd01.png\")
<\/a>Create a query rule to add only the designated Computer object to this collection, I decided to take all Workstations, queried by Name:\n
![\"Query\"](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/06\/rbac-osd02.png\")
<\/a>Confirm the Settings and don’t forget to activate “Use incremental Updates for this collection”, mind that there is a non-Technical Limit of 200 collections on which incremental updates should be activated (See http:\/\/technet.microsoft.com\/en-us\/library\/gg699372.aspx<\/a>\u00a0for further information):\n
![\"Collection\"](\"http:\/\/hosebei.wordpress.com\/wp-content\/uploads\/2013\/06\/rbac-osd04.png\")
<\/a>With this, you can create the collection you need, and to\u00a0which the users will add new\u00a0Computers\u00a0while using the SCCM Console by “Add Computer Information”. I will not Point out how to create another collection \ud83d\ude42<\/p>\nAfter this is done, it is time to create the security role with permission for only the mentioned use. Those are the required permissions to add a Computer: Hey, here’s Martin again. You often come across to the requirement, that you have give access to users to\u00a0the System Center 2012 Configuration Manager Console, that they can add new Computers to the Hierarchy to stage them with a Task Sequence. They only have to add them to a specific collection, nothing more: with Role […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,27],"tags":[],"class_list":["post-770","post","type-post","status-publish","format-standard","hentry","category-collection","category-operating-system-deployment"],"_links":{"self":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts\/770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=770"}],"version-history":[{"count":0,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts\/770\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nOn the collections: Read; Modify; Modify Resource; Delete Resource; Read Resource
\n<\/a>And on the site: Read; Import Computers
\n<\/a>
\nIf this is done, you can add your user or Group to SCCM:
\n<\/a>Add the designated security principal, the new limiting collection, and the collection to which the users should be able to add new devices. You can use the Default Security Scope:
\n<\/a>With this configuration, user Jukebox is able to add new devices and make a Membership rule to the designated collection. On the left side you see the console opened with Jukebox and adding a new Device, on the right side you see the same hierachry from an admin view:
\n<\/a>With this permission the user can:
\n-They only see those devices which resides in the limiting collection (in this example the “ROL -All Clients for OSD”)
\n– Add Computers and add them to one collection
\n– Delete resources from the two collections (Remove “Delete Resource” from collection permission if not wanted)
\n– Modify collection Name and Membership rules of the two collections
\n– Clear PXE Flags on the devices they see and on the two collections<\/p>\n","protected":false},"excerpt":{"rendered":"