Conditions Tab
The Conditions tab is used to define who the role applies to.
The Conditions tab includes three subtabs:
Group and OU
On the Group and OU tab, you can add role conditions used to apply Include or Exclude conditions to a role based on security group membership (AD group membership or OU container).
The Conditions > Group and OU tab of the Create New Role dialog box includes the following properties and buttons:
| Property / Tabs | Details |
|---|---|
| Add Condition | Click to open the Add Condition dialog box, where you can add a condition to the role. |
| Remove Condition | Click to delete the selected condition from the role. |
| Name | Name of selected Group/OU. |
| Value | Value of Group/OU. |
| Enforcement | Select Include or Exclude to specify the type of condition that you are adding. |
| Apply to OU and child OUs | Select this option to apply this condition to all of the OU’s child OUs. If this option is not selected, this condition is not applied to the selected OU’s child OUs. |
AD Property
On the AD Property tab, you can add role conditions used to apply Include or Exclude conditions to a role based on an AD property.
The Conditions > AD Property tab of the Role Properties dialog box includes the following properties and buttons:
| Property / Tabs | Details |
|---|---|
| Add Condition | Click to open the Add Condition dialog box, where you can add a condition to the role. |
| Remove Condition | Click to delete the selected condition from the role. |
| Name | Name of selected AD property. |
| Value | Value of AD property. |
| Operator | Operator used in the AD property condition. |
| Enforcement | Select Include Property or Exclude Property to specify the type of condition that you are adding. |
| Apply to OU and child OUs | Select this option to apply this condition to all of the OU’s child OUs. If this option is not selected, this condition is not applied to the selected OU’s child OUs. |
Collections
On the Collections tab, you can add role conditions used to apply Include or Exclude conditions to a role based on System Center Configuration Manager collection membership.
The Conditions > Collections tab of the Role Properties dialog box includes the following properties and buttons:
| Property / Tabs | Details |
|---|---|
| Add Condition | Click to open the Add Condition dialog box, where you can add a condition to the role. |
| Remove Condition | Click to delete the selected condition from the role. |
| Value | Value of System Center Configuration Manager collection. |
| Enforcement | Select Include Collection or Exclude Collection to specify the type of condition that you are adding. |
| Deployment Technology | Deployment technology containing the selected collection. |
You can create two types of “collection” conditions: user collections and machine collections. However, when defining a condition on a role, App Portal only supports user collection conditions. This is because roles are associated with the users, not with machines.