myITForum regular Monica Readenour and Greg Augustine were kind enough to share a script that they had developed to help set custom collection permissions. It is based on adjusting collection permissions based on the collection prefix. I had posted another example of setting instance level permissions here.
Copy/paste code here (rename to *.vbs)
'~~ Begin copy - watch line wrap
' Written by Greg Augustine to set the Instance Security rights on collections
'permissions 1 = read, 2 = modify, 4 = delete, 32 = remote control, 64 = advertise, 128 = modify resource
' 512 = delete resource, 2048 = view collected files, 4096 = read resource
'permissions are cumulative
' Modified by Monica Readenour to add different agency access
strSMSServer = "primary site server name goes here"
' strSMSServer can be changed to reflect which ever server it is going to be run on ex ADSPrim0, BDSPrim0, CDSPrim1
CollectionIDs = Array("List of collection names go here.")
' The array of collections would look like the following example ("AD000012", "AD000026", "AD000034") if the
' collections were tied to an agency. Make sure collecion id's are all caps, i also use the above collection
' id's for an example below on how to set the groups and permission sets
Set objLoc = CreateObject("WbemScripting.SWbemLocator")
Set objSMS= objLoc.ConnectServer(strSMSServer, "root\sms")
Set Results = objSMS.ExecQuery("SELECT * From SMS_ProviderLocation WHERE ProviderForLocalSite = true")
For each Loc in Results
If Loc.ProviderForLocalSite = True Then
Set objSMS = objLoc.ConnectServer(Loc.Machine, "root\sms\site_" & Loc.SiteCode)
end if
Next
For each cid in CollectionIDs
if cid = "AD100011" then
SMSGroups = Array("ADS\dr-SMSAdmins", "ADS\DR-L-OU_Help_Desk", "ADS\dr-g-sh_admin_tsb_apg", "ADS\DR-SMSReportAdmins")
SMSRights = Array(2104039, 33, 33, 6177)
strCollID = "AD100011" 'Base Collection
' elseif cid = "AD000026" then
' SMSGroups = Array("ADS\de-SMSAdmins", "aDS\DED-MIS EndUser")
' SMSRights = Array(6823, 33)
' strCollID = "AD000026" 'Base Collection
End if
' This is an example of collections on our primary using the above example were the CollectionIDs array members
' if s = "AD00000D" then
' SMSGroups = Array("domain\XX-SMSAdmins", "domain\xx-SMSReportUsers", "Domain\xx-HelpDesk")
' SMSRights = Array(6887, 6145, 33)
' strCollID = s 'Base Collection
' elseif s = "AD000026" then
' SMSGroups = Array("ADS\de-SMSAdmins", "aDS\DED-MIS EndUser", "aDS\DED-Tech Admins")
' SMSRights = Array(6887, 6145, 33)
' strCollID = s 'Base Collection
Createquery strWQL, cid
Set colSubCollections = objSMS.ExecQuery(strWQL)
For each SC in colSubCollections
Checkpermissions(SC.CollectionID)
Createquery strWQL2, SC.CollectionID
Set colSubCollections2 = objSMS.ExecQuery(strWQL2)
For each SC2 in colSubCollections2
Checkpermissions(SC2.CollectionID)
Createquery strWQL3, SC2.CollectionID
Set colSubCollections3 = objSMS.ExecQuery(strWQL3)
For each SC3 in colSubCollections3
Checkpermissions(SC3.CollectionID)
Createquery strWQL4, SC3.CollectionID
Set colSubCollections4 = objSMS.ExecQuery(strWQL4)
For each SC4 in colSubCollections4
Checkpermissions(SC4.CollectionID)
Createquery strWQL5, SC4.CollectionID
Set colSubCollections5 = objSMS.ExecQuery(strWQL5)
For each SC5 in colSubCollections5
Checkpermissions(SC5.CollectionID)
Createquery strWQL6, SC5.CollectionID
Set colSubCollections6 = objSMS.ExecQuery(strWQL6)
For each SC6 in colSubCollections6
Checkpermissions(SC6.CollectionID)
Next
Next
Next
Next
Next
Next
Next
Function CreateQuery(w, x)
w ="SELECT col.* FROM SMS_Collection as col INNER JOIN SMS_CollectToSubCollect as ctsc " & _
"ON col.CollectionID = ctsc.subCollectionID WHERE ctsc.parentCollectionID='" & x & "' " & _
"ORDER by col.Name"
End Function
Function Setpermissions(z, u, v)
Set objNewRight = objSMS.Get("SMS_UserInstancePermissions").SpawnInstance_()
objNewRight.UserName = u
objNewRight.ObjectKey = 1 '1=collection
objNewRight.InstanceKey = z
objNewRight.InstancePermissions = v
objNewRight.Put_
End Function
Function DeletePermissions(z, u, v)
Set objNewRight = objSMS.Get("SMS_UserInstancePermissions").SpawnInstance_()
objNewRight.UserName = u
objNewRight.ObjectKey = 1 '1=collection
objNewRight.InstanceKey = z
objNewRight.InstancePermissions = v
objNewRight.Delete_
End Function
Function Checkpermissions(y)
For i = 0 To UBound(SMSGroups)
AlreadySet=False
set Colrights = objSMS.ExecQuery("Select * From SMS_UserInstancePermissions WHERE ObjectKey=1 AND " & _
"InstanceKey='" & y & "'")
For Each objRight in colRights
If ucase(objRight.Username) = ucase(SMSGroups(i)) Then
if objRight.instancepermissions = SMSRights(i) then
AlreadySet=True
end if
end if
Next
If Not AlreadySet then
Setpermissions y, SMSGroups(i), SMSRights(i)
End if
Next
NumGroups y
End Function
Function NumGroups(t)
set Colrights2 = objSMS.ExecQuery("Select * From SMS_UserInstancePermissions WHERE ObjectKey=1 AND " & _
"InstanceKey='" & t & "'")
For Each objR in colRights2
verdel = 0
for qq = 0 to ubound(SMSGroups)
if Ucase(objr.username) <> ucase(SMSGroups(qq)) then
verdel = 1
else
verdel = 0
exit for
end if
next
if verdel = 1 then
DeletePermissions t, objr.username, objr.instancepermissions
end if
Next
End Function
'~~ end copy