Add-CMSecurityRoleToAdministrativeUser

Module:

ConfigurationManager

Add a security role to a user or group.

Syntax

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserName <String>
   -RoleName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -RoleId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -RoleName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUser <IResultObject>
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserId <Int32>
   -RoleId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserId <Int32>
   -RoleName <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserId <Int32>
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserName <String>
   -RoleId <String>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-CMSecurityRoleToAdministrativeUser
   -AdministrativeUserName <String>
   -InputObject <IResultObject>
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Use this cmdlet to add a security role to an administrative user or administrative group in Configuration Manager.

Permissions defined in a role represent object types and actions available for each object type. Configuration Manager provides some built-in security roles. You can also create custom security roles. For more information about security roles, see Fundamentals of role-based administration in Configuration Manager.

You can specify an administrative user or group by name or by ID or you can use the use the Get-CMAdministrativeUser cmdlet to get a user or group object. An administrative user in Configuration Manager defines a local or domain user or group. You can specify a role to add by name or by ID, or you can use the Get-CMSecurityRole cmdlet to get a role.

Note

Run Configuration Manager cmdlets from the Configuration Manager site drive, for example PS XYZ:\>. For more information, see getting started.

Examples

Example 1: Add custom security role to a domain user group

This command adds the custom security role SecurityRole17 for the domain group Western Administrators. This command assumes that you already created the custom security role and the administrative user.

Add-CMSecurityRoleToAdministrativeUser -AdministrativeUserName "Contoso\Western Administrators " -RoleName "SecurityRole17"

Parameters

-AdministrativeUser

Specify an administrative user object to configure. To get this object, use the Get-CMAdministrativeUser cmdlet.

Type:	IResultObject
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-AdministrativeUserId

Specify the ID of the administrative user to configure. This value is the AdminID property, which is an integer value. For example, 16777234.

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AdministrativeUserName

Specify the name of the administrative user to configure.

You can use wildcard characters:

• *: Multiple characters
• ?: Single character

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-InputObject

Specify a security role object to add. To get this object, use the Get-CMSecurityRole cmdlet.

Type:	IResultObject
Aliases:	Role
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-RoleId

Specify the ID of the security role to add. This value is the RoleID property, for example SMS000AR for the OS Deployment Manager role.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-RoleName

Specify the name of the security role to add.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet doesn't run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

Microsoft.ConfigurationManagement.ManagementProvider.IResultObject

Outputs

System.Object

Related Links

• Remove-CMSecurityRoleFromAdministrativeUser
• Add-CMSecurityScopeToAdministrativeUser
• Get-CMAdministrativeUser
• Get-CMSecurityRole
• Automate role-based administration with Windows PowerShell