Set-SCOMUserRole

Set-SCOMUserRole

Configures an Operations Manager user role.

Syntax

Parameter Set: FromAllClassScope
Set-SCOMUserRole [-UserRole] <UserRole> -AllClass [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: FromAllGroupScope
Set-SCOMUserRole [-UserRole] <UserRole> -AllGroup [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: FromAllTaskScope
Set-SCOMUserRole [-UserRole] <UserRole> -AllTask [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: FromClassScope
Set-SCOMUserRole [-UserRole] <UserRole> -ClassScope <ManagementPackClass[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: FromGroupcope
Set-SCOMUserRole [-UserRole] <UserRole> -GroupScope <MonitoringObjectGroup[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: FromTaskScope
Set-SCOMUserRole [-UserRole] <UserRole> -TaskScope <ManagementPackTask[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: FromUser
Set-SCOMUserRole [-UserRole] <UserRole> -User <String[]> [-PassThru] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-SCOMUserRole cmdlet configures a System Center 2012 – Operations Manager user role. A user role contains two features:

-- Profile. Defines the collection of operations to which the user role has access.
-- Scope. Defines the boundaries for profile operations; for example, tasks and groups.

You can use this cmdlet to update the user list or the scope of the user role.

Parameters

-AllClass

Indicates that the permissions that an Author user role grants extend to all classes.

-AllGroup

Indicates that the permissions that a user role grants extend to all groups.

-AllTask

Indicates that the permissions that an Author, Operator, or Advanced Operator user role grants extend to all tasks.

-ClassScope<ManagementPackClass[]>

Specifies an array of ManagementPackClass objects that represent the classes to which an Author role has access. To obtain a ManagementPackClass object, use the Get-SCOMClass cmdlet.

-GroupScope<MonitoringObjectGroup[]>

Specifies an array of MonitoringObjectGroup objects that represent the groups to which a user role has access. To obtain a monitoring object group object, use the Get-MonitoringObjectGroup cmdlet.

If you do not specify a value for this parameter, the role has access to all groups. To deny the role access to all groups, specify $Null or an empty array, @().

-PassThru

Indicates that the cmdlet creates or modifies an object that a command can use in the pipeline. By default, this cmdlet does not generate any output.

-TaskScope<ManagementPackTask[]>

Specifies an array of ManagementPackTask objects that represent the tasks to which an Author, Operator, or Advanced Operator role has access.

If you do not specify a value for this parameter, the role has access to all tasks. To deny the Author, Operator, or Advanced Operator role access to all tasks, specify $Null or an empty array, @().

-User<String[]>

Specifies an array of user names that are part of this user role. This list replaces any existing list of users. To clear all users from a user role, specify $Null or an empty array, @().

-UserRole<UserRole>

Specifies a user role object. To obtain a UserRole object, us the Get-SCOMUserRole cmdlet.

-Confirm

Prompts you for confirmation before running the cmdlet.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Grant a user role access to all tasks

This example shows how to update a user role to grant it access to all tasks.

The first command gets the user role object named Contoso Operators and stores the object in the $Role variable.

The second command uses the pipeline operator to pass the user role stored in the $Role variable to the Set-SCOMUserRole cmdlet. This cmdlet grants the user role access to all tasks and returns the updated user role object. The command then passes the updated object to Set-SCOMUserRole by using the pipeline operator, which approves the role for all groups.

PS C:\> $Role = Get-SCOMUserRole -Name "Constoso Operators"
PS C:\> $Role | Set-SCOMUserRole -AllTask -PassThru | Set-SCOMUserRole -AllGroup

Example 2: Grant a user role access to specific tasks

This example shows how to update a user role to grant it access to specific tasks.

The first command gets the user role object named Contoso SQL Operators and stores the object in the $Role variable.

The second command gets all task objects with SQL in their names and stores the objects in the $NewTaskList variable.

The last command uses the pipeline operator to pass the user role stored in the $Role variable to Set-SCOMUserRole, which resets the collection of approved tasks to the list stored in the $NewTaskList variable.

PS C:\> $Role = Get-SCOMUserRole -Name "Constoso SQL Operators"
PS C:\> $NewTaskList = Get-SCOMTask -Name "*SQL*"
PS C:\> $Role | Set-SCOMUserRole -TaskScope $NewTaskList

Example 3: Add a user a user role

This example adds a user to a user role.

The first command gets the user role object named Contoso Read-Only Operators and stores the object in the $Role variable.

The second command uses the pipeline operator to pass the object stored in the $Role variable to the Set-SCOMUserRole cmdlet, which adds the user Contoso\Cesar to the existing list of users for the role.

PS C:\> $Role = Get-SCOMUserRole -Name "Contoso Read-Only Operators"
PS C:\> $Role | Set-SCOMUserRole -User ($Role.Users + "Contoso\Cesar") 

Related topics

Add-SCOMUserRole

Get-SCOMUserRole

Get-MonitoringObjectGroup

Get-SCOMClass