New-CMAdministrativeUserPermission
Create a permissions object to assign to an administrative user.
Syntax
ByValue (Default)
New-CMAdministrativeUserPermission
-InputObject <IResultObject>
[-Collection <IResultObject[]>]
[-CollectionId <String[]>]
[-CollectionName <String[]>]
[-SecurityScope <IResultObject[]>]
[-SecurityScopeId <String[]>]
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
ById
New-CMAdministrativeUserPermission
-RoleId <String>
[-Collection <IResultObject[]>]
[-CollectionId <String[]>]
[-CollectionName <String[]>]
[-SecurityScope <IResultObject[]>]
[-SecurityScopeId <String[]>]
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
ByName
New-CMAdministrativeUserPermission
-RoleName <String>
[-Collection <IResultObject[]>]
[-CollectionId <String[]>]
[-CollectionName <String[]>]
[-SecurityScope <IResultObject[]>]
[-SecurityScopeId <String[]>]
[-SecurityScopeName <String[]>]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>]
Description
Use this cmdlet to create a permissions object to assign to an administrative user in Configuration Manager. Permissions can include security roles, security scopes, or collections. An administrative user in Configuration Manager defines a local or domain user or group. For more information about security roles, see Fundamentals of role-based administration in Configuration Manager.
Use this permissions object with the New-CMAdministrativeUser cmdlet and its Permission parameter.
Note
Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.
Examples
Example 1
This example creates an object that defines the following permissions:
- Security role: Read-only Analyst
- Security scope: Scope1
- Collection: All Systems
It then creates a new administrative user for contoso\jqpublic and assigns these permissions. The last command displays the new user's permissions.
$accountName = "contoso\jqpublic"
$roleName = "Read-only Analyst"
$scopeName = "Scope1"
$collectionName = "All Systems"
$role = Get-CMSecurityRole -Name $roleName
$scope = Get-CMSecurityScope -Name $scopeName
$collection = Get-CMCollection -Name $collectionName
$perms = $role | New-CMAdministrativeUserPermission -RoleName $role.RoleName -SecurityScopeNames $scope.CategoryName -CollectionNames $collection.Name
$User = New-CMAdministrativeUser -Name $accountName -Permission $perms
$User.Permissions
Parameters
-Collection
Specify an array of collection objects to add to the permissions. To get this object, use the Get-CMCollection cmdlet.
Parameter properties
| Type: | IResultObject[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Collections |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CollectionId
Specify an array of collection IDs to add to the permissions. This value is the CollectionID property, for example, SMS00001.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | CollectionIds |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CollectionName
Specify an array of collection names to add to the permissions.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | CollectionNames |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-InputObject
Specify a security role object to add to the permissions. To get this object, use the Get-CMSecurityRole cmdlet.
Parameter properties
| Type: | IResultObject |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Role |
Parameter sets
ByValue
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RoleId
Specify the ID of a security role to add to the permissions. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
ById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RoleName
Specify the name of a security role to add to the permissions.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
ByName
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SecurityScope
Specify a security scope object to add to the permissions. To get this object, use the Get-CMSecurityScope cmdlet.
Parameter properties
| Type: | IResultObject[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecurityScopes |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SecurityScopeId
Specify the ID of a security scope to add to the permissions. This value is the CategoryID property, for example SMS00UNA for the Default scope.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecurityScopeIds |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-SecurityScopeName
Specify the name of a security scope to add to the permissions.
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | SecurityScopeNames |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.ConfigurationManagement.ManagementProvider.IResultObject
Outputs
IResultObject
Notes
For more information on this return object and its properties, see SMS_APermission server WMI class.