Set-SCOMUserRole
Set-SCOMUserRole
Configures an Operations Manager user role.
Syntax
Parameter Set: FromAllClassScope
Set-SCOMUserRole [-UserRole] <UserRole> -AllClass [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: FromAllGroupScope
Set-SCOMUserRole [-UserRole] <UserRole> -AllGroup [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: FromAllTaskScope
Set-SCOMUserRole [-UserRole] <UserRole> -AllTask [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: FromClassScope
Set-SCOMUserRole [-UserRole] <UserRole> -ClassScope <ManagementPackClass[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: FromGroupcope
Set-SCOMUserRole [-UserRole] <UserRole> -GroupScope <MonitoringObjectGroup[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: FromTaskScope
Set-SCOMUserRole [-UserRole] <UserRole> -TaskScope <ManagementPackTask[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: FromUser
Set-SCOMUserRole [-UserRole] <UserRole> -User <String[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-SCOMUserRole cmdlet configures a System Center 2012 – Operations Manager user role. A user role contains two features:
-- Profile. Defines the collection of operations to which the user role has access.
-- Scope. Defines the boundaries for profile operations; for example, tasks and groups.
You can use this cmdlet to update the user list or the scope of the user role.
Parameters
-AllClass
Indicates that the permissions that an Author user role grants extend to all classes.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-AllGroup
Indicates that the permissions that a user role grants extend to all groups.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-AllTask
Indicates that the permissions that an Author, Operator, or Advanced Operator user role grants extend to all tasks.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ClassScope<ManagementPackClass[]>
Specifies an array of ManagementPackClass objects that represent the classes to which an Author role has access. To obtain a ManagementPackClass object, use the Get-SCOMClass cmdlet.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-GroupScope<MonitoringObjectGroup[]>
Specifies an array of MonitoringObjectGroup objects that represent the groups to which a user role has access. To obtain a monitoring object group object, use the Get-MonitoringObjectGroup cmdlet.
If you do not specify a value for this parameter, the role has access to all groups. To deny the role access to all groups, specify $Null or an empty array, @().
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-PassThru
Indicates that the cmdlet creates or modifies an object that a command can use in the pipeline. By default, this cmdlet does not generate any output.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-TaskScope<ManagementPackTask[]>
Specifies an array of ManagementPackTask objects that represent the tasks to which an Author, Operator, or Advanced Operator role has access.
If you do not specify a value for this parameter, the role has access to all tasks. To deny the Author, Operator, or Advanced Operator role access to all tasks, specify $Null or an empty array, @().
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-User<String[]>
Specifies an array of user names that are part of this user role. This list replaces any existing list of users. To clear all users from a user role, specify $Null or an empty array, @().
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-UserRole<UserRole>
Specifies a user role object. To obtain a UserRole object, us the Get-SCOMUserRole cmdlet.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
true (ByValue) |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1: Grant a user role access to all tasks
This example shows how to update a user role to grant it access to all tasks.
The first command gets the user role object named Contoso Operators and stores the object in the $Role variable.
The second command uses the pipeline operator to pass the user role stored in the $Role variable to the Set-SCOMUserRole cmdlet. This cmdlet grants the user role access to all tasks and returns the updated user role object. The command then passes the updated object to Set-SCOMUserRole by using the pipeline operator, which approves the role for all groups.
PS C:\> $Role = Get-SCOMUserRole -Name "Constoso Operators"
PS C:\> $Role | Set-SCOMUserRole -AllTask -PassThru | Set-SCOMUserRole -AllGroup
Example 2: Grant a user role access to specific tasks
This example shows how to update a user role to grant it access to specific tasks.
The first command gets the user role object named Contoso SQL Operators and stores the object in the $Role variable.
The second command gets all task objects with SQL in their names and stores the objects in the $NewTaskList variable.
The last command uses the pipeline operator to pass the user role stored in the $Role variable to Set-SCOMUserRole, which resets the collection of approved tasks to the list stored in the $NewTaskList variable.
PS C:\> $Role = Get-SCOMUserRole -Name "Constoso SQL Operators"
PS C:\> $NewTaskList = Get-SCOMTask -Name "*SQL*"
PS C:\> $Role | Set-SCOMUserRole -TaskScope $NewTaskList
Example 3: Add a user a user role
This example adds a user to a user role.
The first command gets the user role object named Contoso Read-Only Operators and stores the object in the $Role variable.
The second command uses the pipeline operator to pass the object stored in the $Role variable to the Set-SCOMUserRole cmdlet, which adds the user Contoso\Cesar to the existing list of users for the role.
PS C:\> $Role = Get-SCOMUserRole -Name "Contoso Read-Only Operators"
PS C:\> $Role | Set-SCOMUserRole -User ($Role.Users + "Contoso\Cesar")
Related topics
Get-MonitoringObjectGroup