Export (0) Print
Expand All
Expand Minimize

Add-SCOMUserRole

Updated: January 26, 2014

Applies To: System Center 2012 R2 Operations Manager

Add-SCOMUserRole

Adds a user role to a management group.

Syntax

Parameter Set: Operator
Add-SCOMUserRole [-Name] <String> [[-DisplayName] <String> ] [[-Description] <String> ] [[-Users] <String[]> ] -Operator [-ComputerName <String[]> ] [-Credential <PSCredential> ] [-GroupScope <MonitoringObjectGroup[]> ] [-SCSession <Connection[]> ] [-TaskScope <ManagementPackTask[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: AdvancedOperator
Add-SCOMUserRole [-Name] <String> [[-DisplayName] <String> ] [[-Description] <String> ] [[-Users] <String[]> ] -AdvancedOperator [-ComputerName <String[]> ] [-Credential <PSCredential> ] [-GroupScope <MonitoringObjectGroup[]> ] [-SCSession <Connection[]> ] [-TaskScope <ManagementPackTask[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: Author
Add-SCOMUserRole [-Name] <String> [[-DisplayName] <String> ] [[-Description] <String> ] [[-Users] <String[]> ] -Author [-ClassScope <ManagementPackClass[]> ] [-ComputerName <String[]> ] [-Credential <PSCredential> ] [-GroupScope <MonitoringObjectGroup[]> ] [-SCSession <Connection[]> ] [-TaskScope <ManagementPackTask[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ReadOnlyOperator
Add-SCOMUserRole [-Name] <String> [[-DisplayName] <String> ] [[-Description] <String> ] [[-Users] <String[]> ] -ReadOnlyOperator [-ComputerName <String[]> ] [-Credential <PSCredential> ] [-GroupScope <MonitoringObjectGroup[]> ] [-SCSession <Connection[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Add-SCOMUserRole cmdlet adds a user role to a management group. A user role consists of two features:

-- Profile. Defines the collection of operations to which the user role has access.
-- Scope. Defines the boundaries for profile operations; for example, tasks and groups.

Parameters

-AdvancedOperator

Indicates that the new role is an Advanced Operator. This role grants members the ability to override the configuration of rules and monitors for specific targets or groups of targets within the configured scope. The Advanced Operator role also grants all of the permissions that the Operator and Read-Only Operator profiles grant.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Author

Indicates that the new role is an Author. This role grants members the ability to create, edit, and delete monitoring configuration that includes tasks, rules, monitors, and views, within the configured scope. For convenience, an Author role can have permissions for specific groups. The Author role also grants all of the permissions in the Advanced Operator, Operator, and Read-Only Operator roles.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-ClassScope<ManagementPackClass[]>

Specifies an array of ManagementPackClass objects that represent the classes to which an Author role has access. To obtain a ManagementPackClass object, use the Get-SCOMClass cmdlet.

If you do not specify a value for this parameter, the role has access to all classes. To deny the role access to all classes, specify $Null or an empty array, @().


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-ComputerName<String[]>

Specifies an array of names of computers. The cmdlet establishes temporary connections with management groups for these computers. You can use NetBIOS names, IP addresses, or fully qualified domain names (FQDNs). To specify the local computer, type the computer name, localhost, or a dot (.).

The computer must run the System Center Data Access service.

If you do not specify this parameter, the default is the computer for the current management group connection.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-Credential<PSCredential>

Specifies a PSCredential object for the management group connection. To obtain a PSCredential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Credential.

If you specify a computer in the ComputerName parameter, use an account that has access to that computer. The default is the current user.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-Description<String>

Specifies a description of the user role. If you do not specify a value for this parameter, the cmdlet uses the value of the DisplayName parameter.


Aliases

none

Required?

false

Position?

3

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-DisplayName<String>

Specifies the display name of the user role. If this parameter does not appear, the default is the value in the Name parameter.


Aliases

none

Required?

false

Position?

2

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-GroupScope<MonitoringObjectGroup[]>

Specifies an array of MonitoringObjectGroup objects that represent the groups to which a user role has access. To obtain a monitoring object group object, use the Get-MonitoringObjectGroup cmdlet.

If you do not specify a value for this parameter, the role has access to all groups. To deny the role access to all groups, specify $Null or an empty array, @()


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Name<String>

Specifies the name of the user role.


Aliases

none

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Operator

Indicates that the new role is an Operator. This role grants members the ability to interact with alerts, run tasks, and access views according to their configured scope. The Operator role also grants all of the permissions that the Read-Only Operator profile grants.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-ReadOnlyOperator

Indicates that the new role is a Read-Only Operator. This role grants members the ability to view alerts and access views according to their configured scope.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-SCSession<Connection[]>

Specifies an array of Connection objects. To get Connection objects, specify the Get-SCOMManagementGroupConnection cmdlet.

If this parameter does not appear, the cmdlet uses the active persistent connection to a management group. Use the SCSession parameter to specify a different persistent connection. You can create a temporary connection to a management group by using the ComputerName and Credential parameters. For more information, type Get-Help about_OpsMgr_Connections.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByValue)

Accept Wildcard Characters?

false

-TaskScope<ManagementPackTask[]>

Specifies an array of ManagementPackTask objects that represent the tasks to which an Author, Operator, or Advanced Operator role has access. To obtain a ManagementPackTask object, use the ManagementPack.GetTask cmdlet. If this parameter does not appear, the role has access to all tasks. To deny the Author, Operator, or Advanced Operator role access to all tasks, specify $Null or an empty array, @().


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Users<String[]>

Specifies an array that contains the names of users who are part of the user role.


Aliases

none

Required?

false

Position?

4

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before executing the command.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Describes what would happen if you executed the command without actually executing the command.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Add a new Read Only Operator user role

This command adds a Read Only Operator user role named Script Role.


PS C:\> Add-SCOMUserRole -Name 'Script Role' -ReadOnlyOperator

Example 2: Add a new user role by specifying user names, tasks, and groups

This example adds a user role based on user names, tasks, and groups.

The first two commands get all task and group objects that have SQL in their names and store the objects in the $ApprovedTasks and $ApprovedGroups variables, respectively.

The last command creates an Operator user role named SQL Operator, which contains the users Katarina and Cesar. The user role gives these two users access to the tasks and groups that are stored in $ApprovedTasks and $ApprovedGroups.


PS C:\> $ApprovedTasks = Get-SCOMTask -Name '*SQL*'
PS C:\> $ApprovedGroups = Get-SCOMGroup -DisplayName '*SQL*'
PS C:\> Add-SCOMUserRole -Name 'SQL Operator' -Operator -GroupScope $ApprovedGroups -TaskScope $ApprovedTasks -User 'Contoso\Katarina','Contoso\Cesar'

Related topics

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft