Contact Us Get Free Products
Search icon Contact Us Get Free Products
SCCM/MECM

Creating an SCCM report viewer role

Benoit LecoursNovember 10 20212 Min Read

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 8 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.

Benoit Lecours

President
Table of Content
SCD Collaborators

In many SCCM environments, we see administrators that want to give access to the SCCM reporting node only. Unfortunately, there’s no SCCM Report Viewer role when you browse to the Security role of the console. So … What if you want to give a user the right to only run reports? This blog post will show how to create an SCCM report viewer role in the console.

A simple way to do this is to grant access to the Read-only Analyst role which will be enough to run a report but maybe you don’t want them to see all nodes and get lost in the console.

If you’re unfamiliar with role-based administration, we suggest you first read the Microsoft docs which explains the basics. It combines security roles, security scopes, and assigned collections to define the administrative scope for each administrative user. We’ll use this concept to create a new SCCM Report viewer role and then grant our administrative users rights to this role.

Create a Report Viewer Role in SCCM

Here’s what to do to achieve this:

  • Go to SCCM Console / Administration / Security / Security Roles
  • Right click on the Read-only Analysts security role
  • Select Copy
  • Go throught each node permission and keep only Run Reports and Read to YES
  • At the end, it should look like this :
SCCM report viewer role
  •  Click OK

Add user to the SCCM Report Viewer Role

We now need to add your administrative user to the role you just created

If your Administrative user is already in the console :

  • Go to SCCM Console / Administration / Security / Administrative Users
  • Right-click your Administrative user you want to add to the Report viewer role and select Properties
SCCM report viewer role
  • Click the Security Role tabs and select the Report Viewer Role
SCCM report viewer role

If your user is not already in the console

IF this is for a new user that didn’t have any access to the SCCM Console

  • Go to SCCM Console / Administration / Security / Administrative Users
  • Right-Click Administrative User and select Add User or Group
SCCM report viewer role
  • Click on Browse and select the user you want to add to the security role
  • Click on Add and select the Report Viewer role you created in the first step
  • Select the desired security scope option
SCCM report viewer role

You can now install the SCCM console on the user account or use the web portal to access the reports.

SCCM 2012 Security
SCD Collaborators
Comments (2)

latrenda rohde

02.25.2020 AT 02:10 PM
I no longer want my administrar this person has added service I didnot approve steal money change my permission.I want them off I no longer want micro soft services and no longer want this administrar I want to press charges against this person remove them asp they have commute a criminal. act and I'm pressing charge
Hide replies 0

Neil Clinch

07.26.2018 AT 02:24 PM
The picture is inconsistent with the statement "Go throught(sic) each node and keep only Run Reports and Read to YES". Can you clean this article up or combine it with the Report Administrator article. I love the site! Thanks,
Hide replies 0
Related posts
Benoit LecoursMay 24 20242 Min Read
Renew Intune Apple MDM Push Certificate

To enroll and manage iOS/MAC devices in Intune, you must create an Intune Apple Certificate. These...

SCCM/MECM
Benoit LecoursMay 08 20243 Min Read
Deploy Microsoft Authenticator app using Microsoft Intune

With the increasing number of mobile users requesting access to external resources many...

SCCM/MECM
Benoit LecoursApril 30 20242 Min Read
Understanding Intune Autopilot Error 0x8007052e

Two days ago, Microsoft had an outage affecting Intune AutoPilot Pre-Provisionning. Users...

SCCM/MECM
Request a Quote

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours. We are open from Monday to Friday.

Consulting Services

Subscription

PatchMyPC

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form.
Request Sent

Thank you for your request. You will receive an email with more details. Take note that we normally work from Monday to Friday. We will get in touch with you as soon as possible.

Comment Sent

Thank for your reply!

Error

Something went wrong!