Installing agents requires SCOM Administrator. SCOM Admin is not scopable. This is, or at least was, in the security guide documentation.
What I have seen customers do is set up a small web service with a form or Orchestrator runbook, or Service Manager self-service activity, that inputs agent names, or reads in a CSV file, then that service is already pre-configured to use an account behind the scenes with rights.

From: [email protected] [mailto:[email protected]] On Behalf Of Sven Wells
Sent: Tuesday, September 16, 2014 6:34 AM
To: [email protected]
Subject: [msmom] SCOM 2012 R2 User Role restrictions

Hello,

We're trying to figure out how to provide some of our other admins enough permissions in SCOM to be able to push/uninstall SCOM agents via the Console, w/o giving them permissions to the entire "Operations Manager Administrators" role. These admins also need the ability to view and act on alerts in the console as well as run Reports, but they do not need Authoring or Full Administration in SCOM.

We've found that unless they have the Administration option in their console, they can't push/uninstall SCOM agents via the console, which ultimately provides them FULL access to SCOM.

Any ideas?

Thanks,
Sven

Sven Wells
PRINCIPAL SYSTEMS ADMINISTRATOR
Communication and Infrastructure Services
TIP - Technology, Innovation and Performance
PPD Wilmington NC HQ
Phone +1 910 558 6870
[email protected]
www.ppdi.com <http://www.ppdi.com/>
PPD LSS Yellow Belt
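A sketch of the broker pattern described in the reply at the top of this thread, added here as an example and not code from either poster: the form or runbook calls this script under a service account that holds the SCOM Administrator role, and the script only installs agents on hosts that pass a scope check, logging every request. The management server name, domain suffix, log path and per-request limit are placeholder assumptions.

```powershell
# Added example: runs under the pre-configured privileged service account.
# Requesters supply a CSV of host names and never hold the SCOM Administrator role.
param(
    [Parameter(Mandatory)] [string] $CsvPath,    # CSV with a 'DNSHostName' column
    [Parameter(Mandatory)] [string] $Requester   # identity passed in by the front end
)

Import-Module OperationsManager

# Placeholder values (assumptions, not from the thread).
$ManagementServer = 'scom-ms01.example.com'
$AllowedSuffix    = '.example.com'               # scope the requesters may touch
$AuditLog         = 'C:\ScomBroker\agent-requests.log'
$MaxPerRequest    = 25

# Strict FQDN pattern: labels of letters, digits and hyphens only.
$FqdnPattern = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

# Normalise and de-duplicate; a missing column yields '' and is rejected below.
$requested = @(Import-Csv -Path $CsvPath |
    ForEach-Object { "$($_.DNSHostName)".Trim().ToLowerInvariant() } |
    Sort-Object -Unique)

if ($requested.Count -eq 0 -or $requested.Count -gt $MaxPerRequest) {
    throw "Request must contain between 1 and $MaxPerRequest host names."
}

# Reject the whole request if any name is malformed or outside the allowed scope.
$rejected = @($requested | Where-Object {
    $_ -notmatch $FqdnPattern -or -not $_.EndsWith($AllowedSuffix)
})
if ($rejected.Count -gt 0) {
    Add-Content -Path $AuditLog -Value "$(Get-Date -Format o) DENY requester=$Requester hosts=$($rejected -join ',')"
    throw "Rejected host names: $($rejected -join ', ')"
}

New-SCOMManagementGroupConnection -ComputerName $ManagementServer
$primary = Get-SCOMManagementServer -Name $ManagementServer

foreach ($hostName in $requested) {
    # Audit before acting so a failed push still leaves a record of who asked.
    Add-Content -Path $AuditLog -Value "$(Get-Date -Format o) INSTALL requester=$Requester host=$hostName"
    # No -ActionAccount given: the management server's default action account does the push.
    Install-SCOMAgent -DNSHostName $hostName -PrimaryManagementServer $primary
}
```

The front end should pass `$Requester` from its own authenticated session rather than from a form field, and the audit log should be writable only by the service account.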
