Knowing how to import a RBA (Role-Based Administration) security role from one ConfigMgr site to another will allow you to use security roles from other sites.
As a Microsoft Endpoint Manager Configuration Manager MEMCM / MECM/ SCCM / CM / ComfigMgr admin, you will leverage RBA for other admins. Without it everyone will be a full administrator and that generally only happens within smaller environments.
This is a useful technique to know because it allows you to create an RBA role within a development environment and then import it to your production environment. It also allows you to import RBA security roles that are freely available on the internet, such as Enhansoft’s Report Reader tool.
What is the Report Reader Security Role?
This MECM role is designed to allow NON-MECM admins to access All of the SSRS Reports. the SQL Server Reporting Service (SSRS) Reports and folder have security applied to the, via CM console. I generally recommend that you use a Active Drivers (AD) security group when using the CM Security roles. Otherwise it is messy to clean up at a later date.
Import a RBA Security Role
Although this blog post is written using ConfigMgr Current Branch, all of these steps apply to ConfigMgr 2012/R2.
Start within the ConfigMgr console and locate the Security Roles node, right-click on it and select Import Security Role.
Locate the xml file that you want to import and click Open.
With that last step, you have imported the security role and can assign it as needed to any user. You can see the imported security role highlighted in the screenshot below.
Don’t forget that you can subscribe to my RRS feed to stay on top of the latest trips and tricks. Additionally, If you have any questions, please feel free to touch base @Garthmj.