Skip to main content

Permissions

No Configuration Manager console is required to work with the SCCM Teleporter.

Authorization and execution of all actions are done via the SMS_Provider of the respective SCCM site, the permissions of a user always correspond to the permissions of his assigned security role within the Configuration Manager.

With the SCCM Teleporter it is possible to create Configuration Manager objects, to edit them or to delete them in case of a rollback. Therefore, as when working with the Configuration Manager console, the following administrative permissions are necessary within SCCM:

  • Application: Read; Modify; Delete; Set safe area; Create; Approve; Move object; Modify folder; Run report; Modify report
  • Collection: Read; Modify; Delete; Remote control; Modify resource; Delete resource; Create; View Collected Files; Read Resource; Move Object; Deploy Packages; Monitoring Security; Deploy Client Settings; Modify Folder; Enforce Security; Deploy Antimalware Policy; Deploy Applications; Modify Collection Setting; Deploy Configuration Items; Deploy Task Sequences; Control AMT; Deploy AMT; Deploy Software Updates; Deploy Configuration Policies; Modify Client Status Warning
  • Distribution point: Read; Copy to distribution point
  • Distribution point group: Read; Copy to distribution point
  • Package: Read; Modify; Delete; Set safe area; Create; Move object; Modify folder
  • Role: Read
  • Site: Read
  • Driver: Read; Modify; Delete; Set safe area; Create; Move object; Modify folder
  • Driver package: Read; Modify; Delete; Set safe area; Create; Move object; Modify folder
  • Operating system image: Read; Modify; Delete; Set safe area; Create; Move object; Modify folder
  • Operating system upgrade package: Read; Modify; Delete; Set safe area; Create; Move object; Modify folder
  • Task sequence: Read; Modify; Delete; Set safe area; Create; Move object; Modify folder
  • The current user must not be restricted to instances of the objects related to the assigned security roles.

The easiest way to provide these rights is to import a security role within the Configuration Manager console:

import-security-role.png

For the import of this security role the following XML file can be used for this purpose:

<SMS_Roles>
	<SMS_Role CopiedFromID="SMS0001R" RoleName="SCCM Teleporter" RoleDescription="Role for the SCCM Teleporter">
		<Operations>
			<Operation GrantedOperations="1342176935" ObjectTypeID="1" />
			<Operation GrantedOperations="140311" ObjectTypeID="2" />
			<Operation GrantedOperations="1" ObjectTypeID="6" />
			<Operation GrantedOperations="140311" ObjectTypeID="14" />
			<Operation GrantedOperations="140311" ObjectTypeID="18" />
			<Operation GrantedOperations="3286039" ObjectTypeID="20" />
			<Operation GrantedOperations="140311" ObjectTypeID="23" />
			<Operation GrantedOperations="140295" ObjectTypeID="25" />
			<Operation GrantedOperations="1" ObjectTypeID="27" />
			<Operation GrantedOperations="142359" ObjectTypeID="31" />
			<Operation GrantedOperations="9" ObjectTypeID="42" />
			<Operation GrantedOperations="9" ObjectTypeID="43" />
		</Operations>
	</SMS_Role>
</SMS_Roles>

Then the user in question is added to the administrative users and assigned the previously created security role.

sccm-user.png

When connecting to a site server, the system automatically checks whether the user has the necessary rights to manage all object types supported by the SCCM Teleporter.

If the user does not have sufficient permissions, a warning is issued and the unassigned permissions are displayed.