QuickTricks: What user roles can put a server into maintenance mode in #SCOM? | Quisitive
May 11, 2012
Quisitive

Summary: The Operator role and higher (Operator, Advanced Operator, and Administrator) should be able to put systems into maintenance mode.

My testing: For due diligence, I also tested this in my lab environment for the Administrator, Operator, and Read-Only Operator roles; the results are shown below.

Administrator: (Maintenance mode is available)

Operator: (Maintenance mode is available)

Read-Only Operator: (Maintenance mode is NOT available)

For additional details, Microsoft has published the privileges associated with each role in OpsMgr; they are included in this post for reference purposes. (The following content on which roles have which privileges is rearranged from http://technet.microsoft.com/en-us/library/hh872885.aspx.)

1.1 Administrator

The Administrator profile includes full privileges to Operations Manager. No scoping of the Administrator profile is supported. The Administrator profile contains all of the privileges found in the Author, Advanced Operator, Operator, and Read-Only Operator profiles in addition to those listed below.

  • Create a resolution state
  • Delete a resolution state
  • Update a resolution state
  • Deploy an agent
  • Repair or update an installed agent
  • Uninstall an agent
  • Enumerate agent settings
  • Update agent settings
  • Enumerate agents
  • Start or stop managing computers or devices via a proxy health service
  • Enumerate computers or devices managed via a proxy health service
  • Insert a new instance of a computer or device
  • Delete an instance of a computer or device
  • Run discovery task
  • Create events
  • Enumerate global settings
  • Update global settings
  • Export Management Packs
  • Enumerate Management Servers
  • Delete notification endpoint
  • Update notification endpoint
  • Create performance data
  • Create Run As Accounts
  • Delete Run As Accounts
  • Enumerate Run As Accounts
  • Update Run As Account
  • Create mappings between Run As Account and Run As Profiles
  • Delete mappings between Run As Account and Run As Profiles
  • Enumerate mappings between Run As Account and Run As Profiles
  • Update mappings between Run As Account and Run As Profiles
  • Create connected management groups
  • Delete connected management groups
  • Enumerate user roles
  • Delete user roles
  • Update user roles
  • Write favorite reports
  • Delete favorite reports
  • Read favorite reports
  • Update favorite reports
  • Read reports
  • Run reports

1.2 Author

The Author profile includes a set of privileges designed for authoring monitoring configuration. A role based on the Author profile grants members the ability to create, edit, and delete monitoring configuration (tasks, rules, monitors, and views) within the configured scope. For convenience, Authors can also be configured to have Advanced Operator privileges scoped by group. The Author profile contains all of the privileges found in the Advanced Operator, Operator, and Read-Only Operator profiles in addition to those listed below.

  • Create Management Packs
  • Delete Management Packs
  • Enumerate Run As Profiles

1.3 Advanced Operator

The Advanced Operator profile includes a set of privileges designed for users who need limited tweaking of monitoring configuration in addition to the Operator privileges. A role based on the Advanced Operator profile grants members the ability to override the configuration of rules and monitors for specific targets or groups of targets within the configured scope. The Advanced Operator profile contains all of the privileges found in the Operator and Read-Only Operator profiles in addition to those listed below.

  • Update Management Pack
  • Enumerate templates

1.4 Operator

The Operator profile includes a set of privileges designed for users who need access to alerts, views, and tasks. A role based on the Operator profile grants members the ability to interact with alerts, run tasks, and access views according to their configured scope. The Operator profile contains all of the privileges found in the Read-Only Operator profile in addition to those listed below.

  • Update alerts
  • Run diagnostics
  • Create favorite tasks
  • Delete favorite tasks
  • Enumerate favorite tasks
  • Update favorite tasks
  • Run recovery routines
  • Update maintenance mode settings
  • Enumerate notification actions
  • Delete notification actions
  • Update notification actions
  • Enumerate notification endpoints
  • Enumerate notification recipients
  • Delete notification recipients
  • Update notification recipients
  • Enumerate notification subscriptions
  • Delete notification subscriptions
  • Update notification subscriptions
  • Enumerate tasks
  • Enumerate task status
  • Run tasks

1.5 Read-Only Operator

The Read-Only Operator profile includes a set of privileges designed for users who need read-only access to alerts and views. A role based on the Read-Only Operator profile grants members the ability to view alerts and access views according to their configured scope.

  • Read alerts
  • Retrieve the instance of the data warehouse for the Management Group
  • Read state of a resolution
  • Read instance of a connector
  • Read console tasks
  • Enumerate diagnostic objects
  • Enumerate the results of diagnostics
  • Enumerate discovery objects as defined in a Management Pack
  • Read discovery rules
  • Read events
  • Write to favorite console tasks
  • Delete favorite console tasks
  • Enumerate favorite console tasks
  • Update favorite console tasks
  • Write a favorite view
  • Delete a favorite view
  • Enumerate a favorite view
  • Update a favorite view
  • Enumerate monitoring objects
  • Enumerate monitoring classes
  • Enumerate monitoring relationship classes
  • Enumerate Management Packs
  • Enumerate monitor types
  • Enumerate module types
  • Enumerate monitors
  • Enumerate overrides
  • Enumerate performance data
  • Enumerate the status of past recoveries
  • Enumerate relationship between monitored objects
  • Enumerate rules
  • Enumerate saved searches
  • Update saved searches
  • Write to saved searches
  • Delete saved searches
  • Enumerate state
  • Access connected Management Groups
  • Enumerate views
  • Enumerate view types

1.6 Report Operator

The Report Operator profile includes a set of privileges designed for users who need access to Reports. A role based on the Report Operator profile grants members the ability to view reports according to their configured scope.

  • Retrieve the instance of the data warehouse for the Management Group
  • Write to favorite reports
  • Delete favorite reports
  • Read favorite reports
  • Update favorite reports
  • Read reports
  • Run reports

1.7 Report Security Administrator

The Report Security Administrator profile includes a set of privileges designed to enable the integration of SQL Server Reporting Services security with Operations Manager.

  • Export Management Packs
  • Enumerate classes as defined in the Management Packs
  • Enumerate Management Packs
  • Run a report
  • Enumerate rules
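
The profile descriptions above state which profiles inherit from which, so the question "who can update maintenance mode?" can be answered by resolving privileges through that chain rather than reading each list by hand. The example below is added here and is not from the original post or from Microsoft; it models the inheritance as the post describes it, uses an abbreviated, constructed subset of the privilege lists, and also finds the least-privileged profile that grants a given action (note that, by the post's own statement that Author contains all Advanced Operator privileges, Author resolves to the maintenance-mode privilege too).

```python
# Added example (not from the original post or Microsoft's documentation).
# Models the OpsMgr profile inheritance described in the post and resolves
# effective privileges so the least-privileged profile for an action is found.

# Which profiles each profile inherits from, as stated in the post.
INHERITS = {
    "Administrator": ["Author", "Advanced Operator", "Operator", "Read-Only Operator"],
    "Author": ["Advanced Operator", "Operator", "Read-Only Operator"],
    "Advanced Operator": ["Operator", "Read-Only Operator"],
    "Operator": ["Read-Only Operator"],
    "Read-Only Operator": [],
    "Report Operator": [],
    "Report Security Administrator": [],
}

# Privileges listed directly under each profile: a constructed, abbreviated
# subset of the post's lists, enough to answer the maintenance-mode question.
DIRECT = {
    "Administrator": {"Deploy an agent", "Update user roles", "Run reports"},
    "Author": {"Create Management Packs", "Delete Management Packs"},
    "Advanced Operator": {"Update Management Pack", "Enumerate templates"},
    "Operator": {"Update alerts", "Run tasks", "Update maintenance mode settings"},
    "Read-Only Operator": {"Read alerts", "Enumerate views", "Enumerate state"},
    "Report Operator": {"Read reports", "Run reports"},
    "Report Security Administrator": {"Export Management Packs", "Run a report"},
}


def effective_privileges(profile):
    """Resolve the full privilege set by walking the inheritance chain."""
    seen, stack, privs = set(), [profile], set()
    while stack:
        p = stack.pop()
        if p in seen:
            continue
        seen.add(p)
        privs |= DIRECT[p]
        stack.extend(INHERITS[p])
    return privs


def profiles_with(privilege):
    """All profiles whose effective privileges include the given action."""
    return sorted(p for p in INHERITS if privilege in effective_privileges(p))


def least_privileged_profile_for(privilege):
    """The granting profile with the fewest effective privileges, or None."""
    candidates = profiles_with(privilege)
    if not candidates:
        return None
    return min(candidates, key=lambda p: len(effective_privileges(p)))
```

Running `least_privileged_profile_for("Update maintenance mode settings")` returns `Operator`, which is the profile to assign when maintenance-mode access is the only requirement.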

Thank you to Paul Johnson for his assistance putting this together!