Set-SCOMUserRole

Configures an Operations Manager user role.

Syntax

Set-SCOMUserRole
   [-UserRole] <UserRole>
   -User <String[]>
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-SCOMUserRole
   [-UserRole] <UserRole>
   [-AllClass]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-SCOMUserRole
   [-UserRole] <UserRole>
   -ClassScope <ManagementPackClass[]>
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-SCOMUserRole
   [-UserRole] <UserRole>
   [-AllTask]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-SCOMUserRole
   [-UserRole] <UserRole>
   -TaskScope <ManagementPackTask[]>
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-SCOMUserRole
   [-UserRole] <UserRole>
   [-AllGroup]
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-SCOMUserRole
   [-UserRole] <UserRole>
   -GroupScope <MonitoringObjectGroup[]>
   [-PassThru]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-SCOMUserRole cmdlet configures a System Center 2019 - Operations Manager user role. A user role contains two features:

  • Profile. Defines the collection of operations to which the user role has access.
  • Scope. Defines the boundaries for profile operations; for example, tasks and groups.

You can use this cmdlet to update the user list or the scope of the user role.

Examples

Example 1: Grant a user role access to all tasks

PS C:\>$Role = Get-SCOMUserRole -Name "Constoso Operators"
PS C:\> $Role | Set-SCOMUserRole -AllTask -PassThru | Set-SCOMUserRole -AllGroup

This example shows how to update a user role to grant it access to all tasks.

The first command gets the user role object named Contoso Operators and stores the object in the $Role variable.

The second command uses the pipeline operator to pass the user role stored in the $Role variable to the Set-SCOMUserRole cmdlet. This cmdlet grants the user role access to all tasks and returns the updated user role object. The command then passes the updated object to Set-SCOMUserRole by using the pipeline operator, which approves the role for all groups.

Example 2: Grant a user role access to specific tasks

PS C:\>$Role = Get-SCOMUserRole -Name "Constoso SQL Operators"
PS C:\> $NewTaskList = Get-SCOMTask -Name "*SQL*"
PS C:\> $Role | Set-SCOMUserRole -TaskScope $NewTaskList

This example shows how to update a user role to grant it access to specific tasks.

The first command gets the user role object named Contoso SQL Operators and stores the object in the $Role variable.

The second command gets all task objects with SQL in their names and stores the objects in the $NewTaskList variable.

The last command uses the pipeline operator to pass the user role stored in the $Role variable to Set-SCOMUserRole, which resets the collection of approved tasks to the list stored in the $NewTaskList variable.

Example 3: Add a user a user role

PS C:\>$Role = Get-SCOMUserRole -Name "Contoso Read-Only Operators"
PS C:\> $Role | Set-SCOMUserRole -User ($Role.Users + "Contoso\Cesar")

This example adds a user to a user role.

The first command gets the user role object named Contoso Read-Only Operators and stores the object in the $Role variable.

The second command uses the pipeline operator to pass the object stored in the $Role variable to the Set-SCOMUserRole cmdlet, which adds the user Contoso\Cesar to the existing list of users for the role.

Parameters

-AllClass

Indicates that the permissions that an Author user role grants extend to all classes.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AllGroup

Indicates that the permissions that a user role grants extend to all groups.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AllTask

Indicates that the permissions that an Author, Operator, or Advanced Operator user role grants extend to all tasks.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ClassScope

Specifies an array of ManagementPackClass objects that represent the classes to which an Author role has access. To obtain a ManagementPackClass object, use the Get-SCOMClass cmdlet.

Type:ManagementPackClass[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GroupScope

Specifies an array of MonitoringObjectGroup objects that represent the groups to which a user role has access. To obtain a monitoring object group object, use the Get-MonitoringObjectGroup cmdlet.

If you do not specify a value for this parameter, the role has access to all groups. To deny the role access to all groups, specify $Null or an empty array, @().

Type:MonitoringObjectGroup[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

Indicates that the cmdlet creates or modifies an object that a command can use in the pipeline. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TaskScope

Specifies an array of ManagementPackTask objects that represent the tasks to which an Author, Operator, or Advanced Operator role has access.

If you do not specify a value for this parameter, the role has access to all tasks. To deny the Author, Operator, or Advanced Operator role access to all tasks, specify $Null or an empty array, @().

Type:ManagementPackTask[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-User

Specifies an array of user names that are part of this user role. This list replaces any existing list of users. To clear all users from a user role, specify $Null or an empty array, @().

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-UserRole

Specifies a user role object. To obtain a UserRole object, us the Get-SCOMUserRole cmdlet.

Type:UserRole
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False