There is a large number of operations in SCOM 2007 for example close alerts, run scripts and change rules. All these operations have been group in different profiles. Every profile correspond to function or service. Below there is a explanation to every default role. A great news is that we finally got that true read-only operator role without multiple management groups.
This profile is used to give permissions to reports. SCOM 2007 have integrated SQL Reporting service security into SCOM 2007 security. Only members or the Report Operators role can read reports.
Report Security Administrator
This profiles is used between SQL Reporting services and SCOM 2007. The IIS application pool that run SQL Reporting Server is using this profile.
This profile is for persons who should only be enable to read alerts and views. What the persion can see is controlled by scope.
This profile is for persons that need access to alerts, views and to be enable to run tasks. This profile is the same as MOM User group in MOM 2005.
This profile is based on the operator profile, but this profile can also change a part of the configuration. Which part of the configuration is controlled by the running scope.
This profile is the same as the MOM Author group in MOM 2005. This profiles if for persons who will work with management packs and settings.
The Administrator profile is the most powerful profile. Administrators can do anything within the system. During the installation you will choose a group who will become SCOM 2007 Administrators. This profile is the same as MOM Administrators in MOM 2005.