Understanding permissions in Configuration Manager

  • Last update on September 26th, 2024

Role-based access control (RBAC) in Configuration Manager is managed through Azure DevOps.

To get started with Azure DevOps permissions, please refer to the “About permissions and security groups” guide in the Microsoft documentation.

By default, users added to Configuration Manager become members of the Tenants Team. The Tenants Team is a member of the Contributors group and inherits that group's permissions.

Members of the Tenants Team, or members of the [Tenants]\Contributors group, can perform all actions in Configuration Manager by default.


The following are examples of different ways to set Simeon permissions:

  • Adding a read-only user to Configuration Manager
  • Adding a custom read-only group
  • Allow users access to only certain tenants
  • Change who can approve a Sync
  • Manage who can install tenants onto Configuration Manager