This article only applies to Squared Up Version 2.0. If you're looking for help with Squared Up Version 3.0, please visit our new knowledge base

You may wish Squared Up users (SCOM Operators or Advanced Operators) to be able to edit Company Knowledge, without giving them the full SCOM Authors role.

Users with the following roles are able to logon to Squared Up: Administrator, Read-Only Operator, Operator, Advanced Operator and Author. Here's the TechNet article that lists the SCOM roles and permissions: https://technet.microsoft.com/en-gb/library/hh872885.aspx

Normally Squared Up makes all calls to SCOM using the identity of the end user – this allows SCOM to enforce role-based access control.  When the settings below are used, Squared Up uses its own application pool identity to save the company knowledge instead of the users identity (thus ‘elevating’ the users privileges for this particular call).

Procedure

A. Add the SquaredUp application pool account to a SCOM Author role.

1. Identify the Squared Up app pool account, see Checking and modifying the application pool identity.

2. From a security point of view, best practice is to create a new SCOM Author role for the Squared Up identity to use, and configure that role to only provide author permissions and no operator permissions. To do this using the SCOM console, go to Administration, Security, User Roles in the SCOM console and create a new Author user role as normal, but uncheck all items in the Group Scope.

3, Add the SquaredUp application pool account to a SCOM Author role.  If the app pool account is not a computer account you can do this by going to Administration, Security, User Roles, right-clicking on a SCOM Author role, selecting Properties, then 'Add' under User Role Members.

If the app pool account is NETWORKSERVICE you will need to add the computer account. Computer accounts cannot be added in the SCOM console, so you need to use a Powershell cmdlet instead:

Click Start, click All Programs, click Microsoft System Center 2012, click Operations Manager, and then click Operations Manager Shell.

Run the following script , replacing MY AUTHOR ROLE with the name of the new Author role you have created and MYDOMAIN\COMPUTER with the domain and computer name of the Squared Up server (which can be found on the server where Squared Up in installed by going to the Start menu, right-clicking on Computer and selecting Properties).

$scomrole = Get-SCOMuserrole –displayname “MY AUTHOR ROLE”
 
Set-ScomUserrole –user “MYDOMAIN\COMPUTER$” –userrole $scomrole

B. Edit the Application Settings

1. In IIS navigate to version 2 of Squared Up (SquaredUpv2 or SquaredUp depending on whether you have v1 and v2 installed side-by-side).

2. Go to Application Settings.


3. Right-click and select Add


4. In name type either:

elevate-companyknowledge-operators

or

elevate-companyknowledge-advancedoperators

5. In value type: true

6. Click OK.

Depending on which setting you use, operators or advanced operators will now be able to edit company knowledge.


See also:

Change where company knowledge is saved

Checking and modifying the application pool identity