Windows Management User Group

Implementing RBAC in System Center 2012 R2 Service Manager

By Kenneth


This blog post will detail my experiences and insights gained from implementing Role-Based Access Control (RBAC) in a System Center 2012 R2 Service Manager environment.


After installing Service Manager, a couple of so-called User Roles are created:

Report User
End User
Read-Only Operator
Activity Implementer
Change Initiator
Incident Resolver
Problem Analyst
Change Manager
Advanced Operator

In its simplest form, you simply add Active Directory groups to one of the User Roles above, and users who are members of that group receive the corresponding rights. Microsoft has outlined what each User Role profile can do in the following article on TechNet: Appendix A – List of User Role Profiles in System Center 2012 – Service Manager

The roles above are scoped globally, as mentioned in their descriptions. This means that if you are a member of one or more of these roles, you can see every CI, task, view, template, etc. So if you want to authorize users more granularly, you have to create custom user roles.

It is possible to include an Active Directory group in more than one custom user role; you can, for example, create one custom user role for incident management and one for change management. If you add the AD group to both, the …

Read more here: Technical Blog of Kenneth van Surksum