Condividi tramite


Creating Custom RBAC Enabled Reports in ConfigMgr 2012 R2

This post will step you through the process of creating custom reports in ConfigMgr 2012 R2 that will enforce your Role Based Access Control (RBAC) policies. Configuration Manager reports are now fully enabled for role-based administration. The data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles. TechNet reference

Step 1: Determine the data you wish to report on

Using SQL Management Studio, confirm your SQL query against the new fn_rbac table views passing through the ('disabled') parameter to bypass the requirement of passing through a user SID

NOTE: all fn_rbac_<table> views can be found under "Tabled-valued Functions".

If you query v_<tables> than RBAC is ignored.

clip_image001

Step 2: Create a new custom report in ConfigMgr Management Console UI

clip_image002

clip_image003

clip_image004

Step 3: Editing your custom report will launch SQL Report Builder

clip_image005

clip_image006

clip_image007

clip_image008

clip_image009

Step 4: Design Your Report

Confirm you can see Dataset values and select the type of Report you want to create

clip_image010

clip_image011

clip_image012

Step 5: Design and format your report as required

clip_image013

Step 7: Configure the Dependencies for RBAC

Create a New Dataset

clip_image014

clip_image015

clip_image016

clip_image017

clip_image018

clip_image019

clip_image020

clip_image021

clip_image022

clip_image023

clip_image024

clip_image025

clip_image026

clip_image027

clip_image028

clip_image029

NOTE: If you do not see the REFERENCES option, try and run your report, it will fail however will present the References parameters

clip_image030

clip_image031

ALL DONE..

Step 8: Test your custom report

To test I have granted an admin account "sccm2012r2\Ian" that is limited only to the collection called "Ian's Collection"

clip_image032

Launch the ConfigMgr console using SCCM2012R2\Ian

clip_image033

clip_image034

clip_image035

clip_image036

clip_image037