Users cant create roles or computers

Dec 28, 2012 at 6:22 PM
Edited Dec 28, 2012 at 6:24 PM

I am attempting to start using Front End 2.0.3 with MDT 2012 and SCCM 2012.

I am having trouble setting things up so that users can create Roles and Computers.

Looking at the access roles, it says that the default access role is "Full Access" and is set to allow change on everything.  When I log in with a user, that user have view only to the roles and computers and cannot create new roles.  If I add the user and give them IsAdmin, then that user can rcreate roles and computers.

Does anyone have an Idea what I am doing wrong?

I can also disable advanced security and that will also let the user create roles and computers.

I'd like to make it so that I can assign users to be able to create computers, roles and assign certain settings.  But at the moment, it seems like it is all or nothing.

Jan 17, 2013 at 4:02 PM

Here is  the contents of my AccessRoles table in MDTDB - you can see that I have everything set to "Change" as 2 and default is set in both roles.

ID Name Description Type Details Settings Applications Packages Administrators Gateways Roles Default GroupID
4 Full Access Full Access A 2 2 2 2 2 2 2 1 2
5 Desktop Desktop R 2 2 2 2 2 2 2 1 2

 

Here is the users table.  It creates a user anytime a new user logs in.  I think they should get the default settings above.  I must be doing something wrong.  If I set the user2 to Admin - that last value to a 1, then everything works, except the user is not restricted in any way.  I am pretty desperate to get this fixed and working like it does in version 1.  Please please help me.

ID Name CreationDate Username Firstname Lastname email Password PasswordQuestion PasswordAnswer IsApproved LastActivityDate LastLoginDate LastPasswordChangedDate IsOnline IsLockedOut LockedOutDate FailedPasswordAttemptCount FailedPasswordAttemptWindowStart FailedPasswordAnswerAttemptCount FailedPasswordAnswerAttemptWindowStart LastModified Comment IsAnonymous IsAdmin
1 NULL NULL Domain\user1 NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL 1
3 NULL NULL Domain\user2 NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL NULL 0

Mar 23, 2013 at 2:59 AM
I would like to do the same thing. I want to allow some users to add computers and change some of the computer settings but that is all. I can't seem to figure it out. Can anyone help?

Jim
Oct 14, 2013 at 6:07 PM
Hello guys,

Awsome tool, but this feature does not seem to work at all. So either the user can do Everything (IsAdmin) or cannot do anything of (not IsAdmin).

@Maik: Can you please help out?

Kind Regards

//Dejvid