CMPivot - Changing the scope
CMPivot is cool and all, but you are required to have the Default security scope in order to use it. This really makes it hard to get your users to adopt it if you have RBAC set up the way Microsoft has been asking us to do it for forever.
“Here’s a great tool for your helpdesk, just let them see everything!”
So I’ve played around with it on the backend, and have come up with a solution that lets you select what SCOPEs can run CMPivot!
First, the proof!
I created a SCOPE called CMPivotDemo and assigned a user to that scope, removing Default. I then tried to run CMPivot:
As we all know, CMPivot is a fancy UI on top of a CM Script. If you just assign the CM Script called “CMPivot” to the scope your user is in, they can then launch CMPivot! This is achievable through PowerShell:
$Script = Get-CMScript -ScriptName 'CMPivot' -Fast
Add-CMObjectSecurityScope -Name 'CMPivotDemo' -InputObject $Script
In your environment, just change CMPivotDemo to the name of the scope that should have access to CMPivot. Run the script and…
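If you want to see what the script object is scoped to before and after the change, here is an added example (not part of the original post) that wraps the same two cmdlets with a check that the scope exists and a listing of the resulting scopes. The function name Grant-CMPivotScope is hypothetical, and it assumes the ConfigurationManager module is loaded, the session is on the site drive, and Get-CMObjectSecurityScope accepts the script object the same way Add-CMObjectSecurityScope does.

```powershell
# Added example, not from the original post.
# Assumes the ConfigurationManager module is loaded and the current
# location is the site drive, as for the two-line snippet above.
function Grant-CMPivotScope {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ScopeName
    )

    # Fail early on a typo instead of passing an unknown scope name along.
    if (-not (Get-CMSecurityScope -Name $ScopeName)) {
        throw "Security scope '$ScopeName' does not exist."
    }

    $script = Get-CMScript -ScriptName 'CMPivot' -Fast
    if (-not $script) {
        throw "No script named 'CMPivot' was found."
    }

    # Scopes already on the script object. Assumes the returned objects
    # expose CategoryName, as SMS_SecuredCategory instances do.
    $current = @(Get-CMObjectSecurityScope -InputObject $script |
        Select-Object -ExpandProperty CategoryName)

    if ($current -contains $ScopeName) {
        Write-Verbose "'$ScopeName' is already assigned to CMPivot."
    }
    elseif ($PSCmdlet.ShouldProcess('CMPivot', "Add security scope '$ScopeName'")) {
        Add-CMObjectSecurityScope -Name $ScopeName -InputObject $script
    }

    # Return the resulting scope list so the change can be reviewed or logged.
    Get-CMObjectSecurityScope -InputObject $script |
        Select-Object -ExpandProperty CategoryName
}

# -WhatIf shows what would change without touching the script object.
Grant-CMPivotScope -ScopeName 'CMPivotDemo' -Verbose
```

Remove-CMObjectSecurityScope with the same -Name and -InputObject arguments takes the scope back off the script.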