Remove-CMSecurityRole

Remove a custom security role.

Syntax

Remove-CMSecurityRole
      [-Force]
      -InputObject <IResultObject>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityRole
      [-Force]
      -Id <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Remove-CMSecurityRole
      [-Force]
      -Name <String>
      [-DisableWildcardHandling]
      [-ForceWildcardHandling]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

Use this cmdlet to remove a custom security role from Configuration Manager. Specify the name or ID of a security role you want to remove or use the Get-CMSecurityRole cmdlet to get one.

You can use the Remove-CMSecurityRole cmdlet to remove old, unneeded custom security roles. You can't remove built-in security roles. Every administrative user must have at least one security role. Before you remove a security role, make sure every user has a role in addition to the one you remove.

For more information on security roles and permissions, see Fundamentals of role-based administration in Configuration Manager.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Remove a security role by using a name

This command removes a security role named MainSecurityRole. The command uses the Force parameter, so it doesn't prompt you for confirmation.

Remove-CMSecurityRole -Name "MainSecurityRole" -Force

Example 2: Remove a security role by using a variable

The first command uses the Get-CMSecurityRole cmdlet to get all security roles that start with Custom, and stores them in the $role variable.

The second command removes the first security role stored in the array. Since it doesn't specify the Force parameter, this command prompts for confirmation.

$role = Get-CMSecurityRole -Name "Custom*"
Remove-CMSecurityRole -InputObject $role[1]

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Id

Specify the ID of the security role to remove. This value is the RoleID property. Since this cmdlet only works with custom roles, this value should always start with the site code. (IDs for built-in roles start with SMS.)

Type:String
Aliases:RoleId
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Specify a security role object to remove. To get this object, use the Get-CMSecurityRole cmdlet.

Type:IResultObject
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specify the name of the security role to remove.

Type:String
Aliases:RoleName
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:True

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object