CM12–Audit your Role Based Administration roles

One of the truly nice features of Configuration Manager 2012 is the ability to define roles and scopes and assign these to users or groups. While trying to setup a delegation/security model in Configuration Manager 2007 was possible it was also an exercise in frustration.

For an introduction to RBA please refer to

An interesting aspect of RBA is that the console reflects the settings – that is the user is only shown what is accessible.

Microsoft has released a very nice tool – RBA viewer as part of the Configuration Manager 2012 Toolkit (ConfigMgr2012_Toolkit_RTM_1028.exe) found on

RBA Viewer allow you to see the rights for a given role and see how the console looks.


The image above shows the default Endpoint Protection Manager role. Please notice that clicking on the various UI elements will show you what is available for the role. That is clicking on Device Collections will show elements available to the role. Very nice.


Notice how you can change the individual rights of the role by simply checking the right. This way you can use the tool to actually model the roles you need. If you make multiple roles you can analyze the similarity of your roles to existing ones.


In the screenshot above I am comparing the Infrastructure Administrator role to the other roles to see which ones are similar.

You can export the roles to an .xml file and import it into Configuration Manager 2012

The RBA Viewer is a great tool for examining the existing roles and understanding how RBA works. The ability to quickly see how the admin UI (the console) looks for a role is a real timesaver.

This entry was posted in Configuration Manager, Customization and tagged , , , , , , . Bookmark the permalink.

One Response to CM12–Audit your Role Based Administration roles

  1. Pingback: Værktøj til at arbejde med CM12 RBA roller « Microsoft infrastruktur

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s