NCSU SCCM 2007 Permission Model

This is a description of the permissions model implemented in the domain wide SCCM setup.

Format is:
Node/Subnode – Group:Permission [on list of objects]

 

Site Management – OIT-Servers-SCCM-Console-Admins:Full Control
Site Management – NCSU-Departmental OU Admins:Read
Computer Management – OIT-Servers-SCCM-Console-Admins:Full Control

Computer Management/

Collections – OIT-Servers-SCCM-Console-Collection-Admins:Full Control
Collections – NCSU-Departmental OU Admins:Create
Collections – <OU>-OU Admins:Full Control on all <OU>-* objects

Software Distribution – OIT-Servers-SCCM-Console-Packaging-Admins: Full Control
Software Distribution/Packages – OIT-Servers-SCCM-Console-Packaging-Creators:Create
Software Distribution/Advertisements – NCSU-Departmental OU Admins:Create
Software Distribution/Advertisements – <OU>-OU Admins:Full Control on all <OU>-* objects
Software Distribution/Packages – NCSU-Departmental OU Admins:Read on all NCSU-* and OSD-* objects

Operating System Deployment – OIT-Servers-SCCM-Console-Imaging-Admins:Full Control
Operating System Deployment/OS Images – <OU>-OU Admins:Read on all <OU>-* objects
Operating System Deployment/OS Install Packages – NCSU-Departmental OU Admins:Read on all NCSU-* objects
Operating System Deployment/Task Sequences – <OU>-OU Admins:Full Control on all <OU>-* objects
Operating System Deployment/Task Sequences – NCSU-Departmental OU Admins:Read on all NCSU-* objects
Operating System Deployment/Boot Images –┬áNCSU-Departmental OU Admins:Read on the Node
Operating System Deployment/Drivers – NCSU-Departmental OU Admins:Read on the Node
Operating System Deployment/Driver Packages – NCSU-Departmental OU Admins:Read on the Node
Operating System Deployment/Computer Association – OIT-Servers-SCCM-Console-Imaging-Admins:Full Control

Queries – OIT-Servers-SCCM-Console-Query-Creators:Create
Queries – <OU>-OU Admins:Read on all <OU>-* objects
Queries – NCSU-Departmental OU Admins:Read on all NCSU-* objects