User Security Rights – Virtual/Physical Packages

2017-12-11T14:03:10+00:00 August 1st, 2011|Azure, Cloud|

A customer recently wanted to create a security right in Configuration Manager that allowed a user to create packages; both physical and virtual whilst restricting access to the other components in the console.

At first glance this seems a fairly trivial task – create a group and add it as an user security right in SCCM, then assign the required classes – in this case;

  • Collection – Read
  • Package – Full

This had the desired effect for physical packages however the option to create a virtual application package was gone. 🙁

Several minutes of adding each class one at a time found that the ‘Site’ class with ‘Read’ and ‘Manage SQL Commands’ is required to display the option to create a virtual package. This complicates things a little as it allows users to make changes to certain attributes in the ‘Site Settings’ section – to mitigate this I added instance security rights to the primary site node giving the group I had created no permissions.