How to Set User Security Rights for a Configuration Manager Object

Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2

To set user security rights for a Microsoft System Center Configuration Manager 2007 object instance by using the managed SMS Provider, you create an instance of an SMS_UserInstancePermissions object. You must provide the required security rights, the key value for the object instance, the object instance type, and the user that the rights are being set for.

For more information about Configuration Manager 2007 object rights, see Classes and Instances for Object Security in Configuration Manager (https://go.microsoft.com/fwlink/?LinkID=111709).

For more information about setting rights for a class of Configuration Manager 2007 objects, see How to Set User Security Rights for a Class of Configuration Manager Objects.

To set user security rights for a Configuration Manager object

  1. Set up a connection to the SMS Provider. For more information, see About the SMS Provider in Configuration Manager.

  2. Using the connection object you obtain in step 1, create an SMS_UserInstancePermissions object.

  3. With the SMS_UserInstancePermissions object, set the UserName property to the user name that you want to set permissions for.

  4. Set the ObjectKey property to the object type that you want to set permissions for. For more information, see SMS_UserInstancePermissions.

  5. Set the InstanceKey property to the key identifier of the object you want to set permissions for.

  6. Set the InstancePermissions property to the required permissions using the UserClassPermissions enumeration.

  7. Commit the SMS_UserInstancePermissions object.

Example

The following example sets the instance permissions for a specific collection, identified by its collection identifier, for a supplied user.

For information about calling the sample code, see Calling Configuration Manager Code Snippets.

Sub SetSecurityForCollectionInstance(connection, userName, collectionID)

    ' Without this, a run-time error stops the script before the Err.Number checks below run.
    On Error Resume Next

    Dim permissions
    Dim collections
    
    ' Create a new, uncommitted SMS_UserInstancePermissions instance.
    Set permissions = connection.Get("SMS_UserInstancePermissions").SpawnInstance_()
    If Err.Number <> 0 Then
        WScript.Echo "Couldn't get instance permissions object"
        Exit Sub
    End If
    
    ' Confirm that the collection exists before granting rights on it.
    Set collections = _
        connection.ExecQuery("Select * From SMS_Collection where CollectionID = '" + collectionID + "'")
    
    If collections.Count = 0 Then
        WScript.Echo "Collection " + collectionID + " does not exist"
        Exit Sub
    End If
        
    permissions.UserName = userName
    permissions.ObjectKey = 1 ' Collections
    permissions.InstanceKey = collectionID
    permissions.InstancePermissions = 3 ' Read and modify
   
    ' Commit the new permissions instance to the SMS Provider.
    permissions.Put_
    If Err.Number <> 0 Then
        WScript.Echo "Couldn't commit instance permissions"
        Exit Sub
    End If
    
    WScript.Echo "Instance permissions added"
End Sub

public void SetSecurityForCollectionInstance(WqlConnectionManager connection, string userName, string collectionID)
{
    try
    {
        IResultObject permissions = connection.CreateInstance("SMS_UserInstancePermissions");
        permissions["UserName"].StringValue = userName;
        permissions["ObjectKey"].IntegerValue = 1; //Collections
        permissions["InstanceKey"].StringValue = collectionID;
        permissions["InstancePermissions"].IntegerValue = (int)UserClassPermissions.Modify;
        permissions.Put();
    }
    catch (SmsException ex)
    {
        Console.WriteLine("Failed to set permissions. Error: " + ex.Message);
        throw;
    }
}

This example method has the following parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| connection | Managed: WqlConnectionManager; VBScript: SWbemServices | A valid connection to the SMS Provider. |
| userName | Managed: String; VBScript: String | The user name the right is applied to. |
| collectionID | Managed: String; VBScript: String | The collection identifier. This can be obtained from the SMS_Collection class CollectionID property. |

Compiling the Code

The C# example has the following requirements:

Namespaces

System

System.Collections.Generic

System.ComponentModel

Microsoft.ConfigurationManagement.ManagementProvider

Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine

Assembly

microsoft.configurationmanagement.managementprovider

adminui.wqlqueryengine

Robust Programming

The Configuration Manager exceptions that can be raised are SmsConnectionException and SmsQueryException. These can be caught together with SmsException.
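
After a grant is committed, the instance-level rights on the collection can be read back to confirm that only the intended users hold them. The following is an added example, not part of the original sample code; the class and method names are hypothetical, and the eight-character alphanumeric collection ID format used for input validation is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Microsoft.ConfigurationManagement.ManagementProvider;
using Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine;

public static class InstanceRightsAudit   // hypothetical helper class
{
    // Assumption: a collection ID is eight alphanumeric characters
    // (site code plus a sequence value), for example "ABC0001F" (constructed).
    private static readonly Regex CollectionIdPattern = new Regex("^[A-Za-z0-9]{8}$");

    // Returns one "user => permission bits" entry for every instance-level
    // grant recorded for the collection.
    public static List<string> ListCollectionInstanceRights(
        WqlConnectionManager connection, string collectionID)
    {
        // The ID is concatenated into a WQL string, so reject anything that
        // is not ID-shaped (quotes, spaces, operators) before building the query.
        if (collectionID == null || !CollectionIdPattern.IsMatch(collectionID))
        {
            throw new ArgumentException("Unexpected collection ID format.", "collectionID");
        }

        List<string> grants = new List<string>();
        // ObjectKey 1 = collections, as in the sample above.
        string query = "SELECT * FROM SMS_UserInstancePermissions " +
                       "WHERE ObjectKey = 1 AND InstanceKey = '" + collectionID + "'";
        try
        {
            foreach (IResultObject grant in connection.QueryProcessor.ExecuteQuery(query))
            {
                // InstancePermissions is a bit field; the sample above uses 3 for read and modify.
                int bits = grant["InstancePermissions"].IntegerValue;
                grants.Add(grant["UserName"].StringValue + " => " + bits);
            }
        }
        catch (SmsException ex)
        {
            Console.WriteLine("Failed to read permissions. Error: " + ex.Message);
            throw;
        }
        return grants;
    }
}
```

An entry for an unexpected user, or a bit value wider than the one that was requested, indicates that the object grants more access than intended.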

See Also

Concepts

Configuration Manager Objects Overview
Configuration Manager Object Security
How to Connect to an SMS Provider in Configuration Manager by Using Managed Code
How to Connect to an SMS Provider in Configuration Manager by Using WMI
How to Create a Configuration Manager Object by Using Managed Code
How to Set User Security Rights for a Class of Configuration Manager Objects
How to Use Configuration Manager Objects with Managed Code