Edit

Share via

Add-CMSecurityRoleToAdministrativeUser

Module:
ConfigurationManager

Add a security role to a user or group.

Syntax

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserName <String>
   -RoleName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -RoleId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -RoleName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserId <Int32>
   -RoleId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserId <Int32>
   -RoleName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserId <Int32>
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserName <String>
   -RoleId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserName <String>
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Use this cmdlet to add a security role to an administrative user or administrative group in Configuration Manager.

Permissions defined in a role represent object types and actions available for each object type. Configuration Manager provides some built-in security roles. You can also create custom security roles. For more information about security roles, see Fundamentals of role-based administration in Configuration Manager.

You can specify an administrative user or group by name or by ID or you can use the use the Get-CMAdministrativeUser cmdlet to get a user or group object. An administrative user in Configuration Manager defines a local or ___domain user or group. You can specify a role to add by name or by ID, or you can use the Get-CMSecurityRole cmdlet to get a role.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Add custom security role to a ___domain user group

This command adds the custom security role SecurityRole17 for the ___domain group Western Administrators. This command assumes that you already created the custom security role and the administrative user.

Add-CMSecurityRoleToAdministrativeUser -AdministrativeUserName "Contoso\Western Administrators " -RoleName "SecurityRole17"

Parameters

-AdministrativeUser

Specify an administrative user object to configure. To get this object, use the Get-CMAdministrativeUser cmdlet.

Type:IResultObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-AdministrativeUserId

Specify the ID of the administrative user to configure. This value is the AdminID property, which is an integer value. For example, 16777234.

Type:Int32
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AdministrativeUserName

Specify the name of the administrative user to configure.

You can use wildcard characters:

  • *: Multiple characters
  • ?: Single character
Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specify a security role object to add. To get this object, use the Get-CMSecurityRole cmdlet.

Type:IResultObject
Aliases:Role
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RoleId

Specify the ID of the security role to add. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-RoleName

Specify the name of the security role to add.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object