It has been a while since I had written a blog post . Well , in this post we will talk about Role Based access control in SCCM which is a very handy feature .

Before we start with the lab , we should know what exactly in RBAC in SCCM . By using RBAc feature we can give specific access level to a user or a group. Let us say that we want a group of users to have access to reports only and he should not be able to do anything else / modify anything in SCCM , then we will use RBAC to create such access .


In this example , we will create a group and then add a user to it . then we will create a new access in SCCM who will not have access to even read Migration Jobs in SCCM .

Step 1 : Create a Active Directory Group :


I created a Group in \Active Directory and named it as Abheek Demo . After you have created the group , add a member to it .

SCCM Group


Add member to this group :

Add User


Now that we have created a group in Active Directory , added a user to it , let us move to SCCM Server :

Go to Administration and then Security Roles:



Now to create a new Access role in SCCM right click on any of the access roles and then click copy role



In the Permissions , set the following :



Now , Go to Administrative users and then create / Add new user or group and fill in the credentials . 



Now Add the Ad group and the role that we have created in the above post and then click ok.


Now log into the SCCM Using the user who is a part of that Group .



See the below figure , you cannot see the Migration jobs here :



Now login as admin and you can see the Migration Jobs :