Even I have come up with the same results, that Site's Read permission gives more unnecessary accesses, which I dont want.
Below are the settings exactly :
AD group with the name : ABC
ABC group was imported in SCCM with scope as default
Security Role created in SCCM with the name : Report Users with permissions to run reports for few objects along with Site Read permission. This role was assigned to ABC group in SCCM.
1) Now if the test user ID "TEST" is made part of the ABC group, it gets the console reports access but this give alot of other accesses which I don't want to provide.
Is there any way to prevent this with getting reports access in SCCM console as well ?
2) Who all does have access to the web reports for SCCM, are those the IDs in the security tab which comes up when we go to "Servername/reports" ??
There are some users to whom I don't want to provide reports access, (either via Console or web). how could I achieve this?
-
Edited by
Vikram Midha
Saturday, February 14, 2015 9:27 AM