I needed to create a number of Role-Based Administration (RBA) report reader security roles in order to test each ConfigMgr feature and function. This was done to ensure that only the appropriate reports would be available to the assigned users.
Since there are no security roles for this task, it meant that I needed to continually clone the Read-only Analyst security role to remove all the extra rights. This became a tedious task and I knew that there had to be a better way to achieve my goal.
The answer was simple, create a base ConfigMgr security role with the following access rights:
Site: Read, Collection: Read and Read Resource.
To do this I simply cloned the Read-only Analyst security role and removed all the extra rights. I then called it, “zzz Base Security Role,” so that it was always at the bottom of the RBA security list (out of the way).
Next, I cloned the zzz Base Security Role to create each of my report reader security roles for each feature and function. Once I did this, it saved me a lot of time!
Now that this base security role is created, I’m making it available to everyone! Don’t waste your time cleaning-up unwanted security rights from the Read-only Analyst security role for your next RBA security role.
If you are not familiar with importing RBA security roles, please see my blog post entitled, “How to Import a RBA Security Role.”