This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Quick Question on Security Roles

Question
0

Sign in to vote

Quick question on security roles and administrative users:

If a user is assigned to 2 different security roles and they have conflicting settings - which ones wins? One of those roles in question is "Full Administrator" so will that win out or will the more restrictive, "deny" rules win out? I'm accustomed to the more restrictive winning out but wanted to be 100% sure, especially since this will involve users who are already Full Admins. Thanks for your help!

Thursday, February 13, 2014 5:52 PM

Answers

0

Sign in to vote
From Technet:

Role-based administration does not support an explicit deny action on security roles, security scopes, or collections assigned to an administrative user. Instead, configure security roles, security scopes, and collections to grant permissions to administrative users. If users do not have permissions to objects by use of these role-based administration elements, they might have only partial access to some objects, for example they might be able to view, but not modify specific objects. However, you can use collection membership to exclude collections from a collection that is assigned to an administrative user.

Cheers

Paul | sccmentor.wordpress.com
- Proposed as answer by Garth JonesMVP Saturday, February 22, 2014 3:05 PM
- Marked as answer by Garth JonesMVP Saturday, March 1, 2014 3:42 PM
Friday, February 14, 2014 5:12 PM