Appendix A: SMS Object Security and WMI
Security in Microsoft® Systems Management Server (SMS) site hierarchies is designed to control access to objects in the SMS site database through the SMS Administrator console and to provide access to read and write information as needed for network administration, communication, and software distribution. The information that SMS objects use resides in the SMS site database. However, access to these objects through the SMS Administrator console is controlled by Windows Management Instrumentation (WMI) through the SMS Provider. The SMS Provider enforces a security model that creates SMS security objects (for example, Packages, Collections, Advertisements, Queries, Sites, and Status Messages) and creates specific SMS security rights. SMS security objects are objects in the SMS site database that have security rights administered through the SMS Administrator console. Users and user groups are granted specific SMS rights to SMS security objects.
Windows user and user group accounts are used to control access to the SMS security objects. SMS also includes SQL-level security; and as a consequence, direct access to an SMS site database is much more tightly controlled than in previous versions of SMS.
Security for SMS site hierarchies consists of three layers:
SMS Object Security (Appendix A: SMS Object Security and WMI)