基于角色的管理和审核工具Role-based Administration and Auditing Tool

适用范围:Configuration Manager (Current Branch)Applies to: Configuration Manager (current branch)

基于角色的管理和审核工具是一个 Configuration Manager 工具The Role-based Administration and Auditing Tool is one of the Configuration Manager tools. 使用此工具执行以下任务:Use this tool for the following tasks:

  • 建模具有特定权限的安全角色Model security roles with specific permissions

  • 审核其他用户拥有的安全作用域和安全角色Audit the security scopes and security roles that other users have

要求Requirements

  • 在 Configuration Manager 站点服务器所在的计算机上运行它Run it on the same computer as the Configuration Manager site server

  • 你具有“完全权限管理员”、“只读分析员”或“安全管理员”角色 You have the Full Administrator, Read-only Analyst, or Security Administrator role

  • 将帐户分配给所有安全作用域和所有集合Assign your account to the All security scope and all collections

  • (可选)要分析报表文件夹的安全性,必须具有 SQL 访问权限(Optional) To analyze report folder security, you must have SQL access

  • (可选)要分析报表钻取,请在具有报表点角色的站点系统服务器上运行此工具(Optional) To analyze report drill-through, run this tool on the site system server with the reporting point role

过程Procedures

为新角色的权限建模Model permissions for a new role

使用以下过程为要创建的新角色的权限建模:Use the following procedure to model permissions for a new role that you want to create:

  1. 运行 RBAViewer.exe。Run RBAViewer.exe.

  2. 选择要基于其进行构建,或从空权限集启动的基本安全角色。Select the base security roles you want to build on, or start from an empty permission set. 选择必要的权限。Select the necessary permissions.

  3. 单击“分析”以查看此自定义角色将看到的用户界面。Click Analyze to see the user interface this custom role will see.

    备注

    要查看是否存在符合要求的现有安全角色,请切换到“相似性”选项卡。To see whether there's an existing security role that meets your requirements, switch to the Similarity tab.

  4. 单击“导出”将角色另存为 XML 文件。Click Export to save the role as an XML file. 然后将其导入 Configuration Manager 控制台。Then import it to the Configuration Manager console. 有关详细信息,请参阅创建自定义安全角色For more information, see Create custom security roles.

审核现有安全作用域Audit existing security scopes

使用以下过程来审核 Configuration Manager 中的所有现有管理用户、集合和安全作用域:Use the following procedure to audit all existing administrative users, collections, and security scopes in Configuration Manager:

  1. 运行 RBAViewer.exe。Run RBAViewer.exe.

  2. 选择工具栏中的“审核 RBA”按钮。Select the Audit RBA button in the toolbar.

    1. 若要在树状视图中查看限于集合的关系,请切换到“集合摘要”选项卡。To view the collection-limited relationships in a tree view, switch to the Collection Summary tab.

    2. 若要查看分配到安全角色的对象,请切换到“范围摘要”选项卡。To view objects assigned to a security role, switch to the Scope Summary tab.

审核特定用户Audit a specific user

使用以下过程来审核特定用户的基于角色的管理配置:Use the following procedure to audit the role-based administration configuration for a specific user:

  1. 运行 RBAViewer.exe。Run RBAViewer.exe.

  2. 选择工具栏中的“运行方式”按钮。Select the Run As button in the toolbar.

  3. 输入特定用户名以检查该帐户的权限。Input the specific user name to check the permissions for that account.

  4. 该工具显示分配给用户或用户所属安全组的安全角色。The tool displays the security roles assigned to the user or the security group the user belongs to. 它还显示此用户可以看到的对象以及它们可以在控制台中执行的操作。It also displays the objects this user can see and the actions they can take in the console.

另请参阅See also