Home » System Center Operations Manager 2007 » Rolebased security


Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP awarded 2007,2008,2009,2010

My Books
Service Manager Unleashed
Service Manager Unleashed
Orchestrator Unleashed
Orchestrator 2012 Unleashed
Inside the Microsoft Operations Management Suite

Rolebased security

There is a large number of operations in SCOM 2007 for example close alerts, run scripts and change rules. All these operations have been group in different profiles.  Every profile correspond to function or service. Below there is a explanation to every default role. A great news is that we finally got that true read-only operator role without multiple management groups.

  • Report Operator
    This profile is used to give permissions to reports. SCOM 2007 have integrated SQL Reporting service security into SCOM 2007 security. Only members or the Report Operators role can read reports.
  • Report Security Administrator
    This profiles is used between SQL Reporting services and SCOM 2007. The IIS application pool that run SQL Reporting Server is using this profile.
  • Read-Only Operator
    This profile is for persons who should only be enable to read alerts and views. What the persion can see is controlled by scope.
  • Operator
    This profile is for persons that need access to alerts, views and to be enable to run tasks. This profile is the same as MOM User group in MOM 2005.
  • Advanced Operator
    This profile is based on the operator profile, but this profile can also change a part of the configuration. Which part of the configuration is controlled by the running scope.
  • Author
    This profile is the same as the MOM Author group in MOM 2005. This profiles if for persons who will work with management packs and settings.
  • Administrator
    The Administrator profile is the most powerful profile. Administrators can do anything within the system. During the installation you will choose a group who will become SCOM 2007 Administrators. This profile is the same as MOM Administrators in MOM 2005.

1 Comment

  1. In role based security if under the operator section if i add Domain admins as member I can see all the views and it is not restricted based on the scope. It works when I create role for a domain user, however when I try to do the same for a domain admin it does not. The domain admin can see all the views regardless of any views that I select for it. Can you please help me in finding a work around.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.