The document is archived and information here might be outdated
Prerequisites for Compliance Settings in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
Compliance settings in System Center 2012 Configuration Manager has the following dependencies within the product.
Specific security permissions must have been granted to manage compliance settings.
You must have the following security permissions to manage compliance settings:
To view and manage alerts and reports for compliance settings: Create, Delete, Modify, Modify Report, Read, and Run Report for the Alerts object.
To manage configuration baseline deployments: Deploy Configuration Items, Modify Client Status Alert, Modify, Read, and Read Resource for the Collection object.
To create and manage configuration baselines and configuration items: Create, Delete, Modify, Modify Folder, Modify Report, Move Object, Read, Run Report, and Set Security Scope permission for the Configuration Item object.
To run queries related to compliance settings: Read permission for the Query object.
To view compliance settings information in the Configuration Manager console: Read permission for the Site object.
To select software updates to be used in configuration baselines: Read permission for the Software Updates object.
To view status messages for compliance settings: Read permission for the Status Messages object.
For System Center 2012 Configuration Manager SP1 and later:
To manage user data and profiles configuration items: Author Policy, Modify Report, Read and Run Report for the Settings for user data and profile management object.
The Compliance Settings Manager security role includes these permissions that are required to manage compliance settings in Configuration Manager.