Role-Based Administration

In Configuration Manager 2012, role-based administration is a feature that brings you “Show me what’s relevant for me” based on security roles and scopes. Configuration Manager 2012 comes with 15 standard roles, and you can also create custom roles.

Role-based administration is based on the following concepts:
Security Roles What types of objects can someone see, and what can they do to them?
Security Scope Which instances can someone see and interact with?
Collections Which resources can someone interact with?
 

As part of role-based administration you are able to limit collections; every collection is limited by another. Assigning a collection to an administrator will automatically assign all limited collections.
While planning role-based administration, explore the 15 standard roles and assign the rights to your administrators depending on the part of Configuration Manager they need to manage.
 

The 15 different roles from which you can choose are these:

1. Application administrator
2.  Application author
3.  Application deployment manager
4.  Asset manager
5.  Company resource access manager
6.  Compliance settings manager
7.  Endpoint protection manager
8.  Full administrator
9.  Infrastructure administrator
10.  Operating system deployment manager
11.  Operations administrator
12.  Read-only analyst
13.  Remote tools operator
14.  Security administrator
15.  Software updates manager

Role-based administration allows you to map organizational roles of administrators to security roles. Hierarchy-wide security management is done from a single management console.

You can add Active Directory user accounts to Configuration Manager 2012 in the Configuration Manager 2012 console. In the Administration workspace you will find Administrative Users under Security; here you can add the user accounts from your users who need to have access to Configuration Manager 2012. After adding the user accounts you can assign them the proper role.