I was attempting to setup security yesterday for our team by going with minimum access. I attempted to give someone just access to collections and remote tools. When we launched, I got an error. I am assuming the issue is related to not having enough permissions to open the site to get to the collections as the group I added has rights to the SMS_Provider. Thats when I got the following idea: It would be nice to have an option for setting user access based on roles: Help Desk Role: Access to collections and minimal tools to assist end users. Software Updates: perhaps seperate into 2 roles 1. desktop update approval and server update approval as we have 2 different people who are in charge of this. Application Deployment: Allowed to do everything related to app deployment. OS Deployment: Allowed to do everything related to OS Deployment Perhaps a report reader role. Our finance guys might find benefit in seeing inventory stuff for their depreciations. By selecting this role, it would give you all the minimum requirements to open and use those tools. It would also be selectable to have more than one role.

Wally,If this isn't available, yet, where's a good source of information on how to give very limited Console rights to a group of users. Looking at just letting them drop off and remove computers into preset deployment collections, etc.Thanks!

That can be done using ConfigMgr's security rights: http://technet.microsoft.com/en-us/library/bb632791.aspx