Config Manager Ticker App - Help needed

Amesy86

Hi Guys,

I need to be able to allow users outside of IT to send announcements to certain Device Collections. I have followed the Instructions in the Config PDF but because I do not want these users to be able to see anything in SCCM other than the Collections they need to post Announcements to. I have removed the Read Only status on all sections other than Collection - Deploy Client Settings and Inventory Reports - Modify, which has locked all SCCM down to just the 5 collections they need, but it has also removed the Announcements button from the ribbon. I can't now find which setting will enable that again.

Any help would be greatly appreciated.

Regards,

James.

wally_mead

Here's what my testing has come up with. I started with the Read-only Analyst. Turned off all rights except the Collections class (left defaults, plus added Deploy Client Settings), Inventory Reports (enabled Modify). That didn't get the Announcement action. If I turn on both Client Agent Settings (Read) and Site (Read), I then get the Announcement action. If I only enable one of those two, it doesn't appear.

I'll have dev verify tomorrow, but I'm expecting that is the final resolution that is necessary.

F_Christiansen

Hi James,

What a great question!

If you want to setup a security role from scratch, here is what you need to show and use the Ticker Admin App:

• Create a custom Security Role and strip it for all permissions.
• Add "Client Agent Settings": Read
• Add "Collection": Read, Deploy Client Settings. (Note, you will need Read Resource to display collection members, but the Ticker App doesn't require that)
• Add "Inventory Reports": Read, Modify
• Add "Site": Read
• Add "Status Messages": Read

Based on your issue, we will update the documentation.
Thanks again.

Best regards
Flemming Appelon Christiansen

wally_mead

I moved this to the proper area, which would be the Free Community Solutions - Configuration Manager apps area. This specific area here is for feature request specifically, not questions. I know, it doesn't really matter to you, but it makes management easier of the threads. I'll respond to the post over there now.

wally_mead

Hi James,

Wow, I've not delved that far in the Configuration Manager role-based administration feature to see exactly what permissions are required in order to see the Announcements action on a device collection. Certainly you need the two that you reference to use it. But I'd also assume that you need some normal Configuration Manager rights to see some of the ribbon actions.

As a workaround until we get this analyzed, would it be possible for you to assign those users the Read-Only Analyst role? That's what I was using in my webinar, then I added the two specific rights needed in order to be able to get the Announcement feature to work. I know it lets them see everything in the console, but they can't modify anything at all, other than what you change. If you then add the two rights in the doc, then they can see everything, as well as create announcements.

I know that is not your end goal ,but it would get them working while we dig into the permissions to see what else is needed to get the Announcement action to appear. Obviously you removed something that was needed, I just am not sure what it is outside of the two we do document.

Wally

wally_mead

Oh, also, if you can send me the exact permissions that you have on your security scope, I can start there and see if I can figure it out for you. If you'd rather email me directly with that info, feel free to do so at wally.mead@cireson.com.

wally_mead

Here's what my testing has come up with. I started with the Read-only Analyst. Turned off all rights except the Collections class (left defaults, plus added Deploy Client Settings), Inventory Reports (enabled Modify). That didn't get the Announcement action. If I turn on both Client Agent Settings (Read) and Site (Read), I then get the Announcement action. If I only enable one of those two, it doesn't appear.

I'll have dev verify tomorrow, but I'm expecting that is the final resolution that is necessary.

F_Christiansen

Hi James,

What a great question!

If you want to setup a security role from scratch, here is what you need to show and use the Ticker Admin App:

• Create a custom Security Role and strip it for all permissions.
• Add "Client Agent Settings": Read
• Add "Collection": Read, Deploy Client Settings. (Note, you will need Read Resource to display collection members, but the Ticker App doesn't require that)
• Add "Inventory Reports": Read, Modify
• Add "Site": Read
• Add "Status Messages": Read

Based on your issue, we will update the documentation.
Thanks again.

Best regards
Flemming Appelon Christiansen

Amesy86

This is an amazing response. Thank you so much for getting back to me so quickly and with such detailed information. I'll give this a good test and report back. Many thanks again.

wally_mead

Hi James,
If the solution works for you, please do mark the thread as answered, as that will then help others when searching to know the final answer :-)
Thanks,
Wally

Amesy86

I can confirm that this is all fixed.

Thank you so much for you help.

wally_mead

Fantastic, glad to hear it.