Importing a new device with variables doesn't work if you don't have access to ALL devices\ All Systems Collection
We have RBAC implemented such that console users do not have read permission to the All System collection. Instead, we have delegated collections of devices to which they can admin, using a query rule to include device objects created matching certain criteria (name starts with some defined value, no client registered, created via manual machine entry, CAS site code). The issue is that when using the computer import wizard and selecting to use a CSV for bulk import, the wizard crashes with a permission error when defining device variables. The wizard succeeds only if the devices are imported ignoring the variable columns, waiting for the query rule to add the new device objects into the respective collection, then running the wizard again to include the variable.
This behavior implies that the wizard first creates a new device object, then immediately edits or queries for the object to add the variables. Because the new device object does not yet exist in a collection the user has necessary perms to read\edit, the import fails so the object is not actually created. What is expected is that the wizard is able to create the object, including the variable data at creation.
The business impact of the behavior is that IT pros who are delegated the ability to pre-stage objects in SCCM for OSD have to run the import wizard, wait for the incremental\manual collection update to add the new objects to their collection, then run the import wizard again. This behavior is inefficient and irksome when viewed from the perspective of the console user as it doubles the number of steps and runtime for importing devices. One may question why a CSV is used or how often it happens, I was told that it was easier to train IT pros and student employees to use a CSV template to include all the necessary info regardless of number of records to import.