Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Correct behavior of the "Add Resources" button (SCCM all versions).

Correct behavior of the "Add Resources" button (SCCM all versions).
When you use the "add resources" (to collection) button it uses the RBAC_InstancePermissions and does not take into account the limiting collection.
This is a problem in an environment where people take up different roles. For instance when you have different geographical units (each with limiting collections) and people have an additional read-only role for example for everything.

In this case the code behind a "direct membership" rule has the correct behavior, while the code behind the "add resources" button allows to add any resource.
Since the "add resources" button is applied on a collection it should take into account the limiting collection as well. Actually it doesn't.

Query behind "add resources"
select all SMS_R_System.ItemKey,SMS_R_System.Resource_Domain_OR_Workgr0,SMS_R_System.ItemKey,SMS_R_System.Name0 from vSMS_R_System AS SMS_R_System where (SMS_R_System.ItemKey in (select all SMS_DirFullCollMem.ResourceID from vSMS_DirFullCollMem AS SMS_DirFullCollMem where SMS_DirFullCollMem.CollectionID in (select all SUIP0.ObjectKey from RBAC_InstancePermissions AS SUIP0 where (SUIP0.AdminID in (16777222,0) AND ((GrantedOperations&1) = 1 AND SUIP0.ObjectTypeID in (1))))) AND ((SMS_R_System.Obsolete0 is null OR SMS_R_System.Obsolete0 = 0) AND SMS_R_System.Name0 like N'%%%')) order by SMS_R_System.Name0

Thanks for taking this into consideration.
Kind regards.

9 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Alain VDP shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base