Forum Discussion
Ali Fadavinia
Apr 30, 2021, Iron Contributor
Intune 403 error - When accessing InTune Portal
Hi Intune Community, I have two users to whom I have given the Application Manager role with full access, under Tenant Admin --> MEM roles, but they are receiving the following access error when they...
Ali Fadavinia
Apr 30, 2021, Iron Contributor
Thanks for your reply,
We don't want to give the admin role, as it has full privileges. They shouldn't be given that role.
They just need to manage the apps (upload, change properties, assignments, etc.), so that is why I gave them MEM roles.
May 01, 2021
Hi...
Ahhh okay. Pretty good point. Have you configured scoping, or only added the user/group to the built-in role?
Does the user have access to other parts, like device configuration profiles? Just tested it myself... I made a copy of the Application Manager role and assigned it to the Intune_app_group (my test user is a member) and included all devices and users... it took about 5/10 minutes before I could access the application page (the first time I logged in... I had the same error).
- Ali Fadavinia
May 03, 2021, Iron Contributor
I wish Microsoft had better documentation for its platforms and services.
Yes, that is exactly what I did.
I created a group and added those members there, then assigned that group to my custom role, exactly what you shared. But same error.
- Ali Fadavinia
May 03, 2021, Iron Contributor
Good R&D virtually, high five! 😉
- Ali Fadavinia
May 03, 2021, Iron Contributor
I think I figured out what is going on:
I checked the definitions of Members and Scope for my role (Application Manager):
Members: All users in the listed Azure security groups have permission to manage the users/devices that are listed in Scope (Groups).
Scope (Groups): All users/devices in these Azure security groups can be managed by the users in Members.
So, for Members it should be the group I wanna give the power/privileges to,
but for Scope it should be all devices, all users [not limited to the assigned group - this is where I was going wrong].
Now the users can access Endpoint Manager.
- May 03, 2021
Hi.
The Microsoft documentation is a little bit hard to read. But yes indeed... just like the screenshot I posted: All devices/All users, otherwise it is not going to work.
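
The Members versus Scope (Groups) distinction worked out in the thread above, shown as an added example that is not part of any post and not Microsoft's code. It models a role assignment as a plain dictionary (a constructed layout, not the Graph API schema; `ALL_USERS` and `ALL_DEVICES` are hypothetical markers for the portal's "All users" and "All devices" choices) and flags the configuration where the scope never reaches beyond the admins' own group.

```python
# Added example. The dict layout is constructed for illustration and is not
# the Microsoft Graph schema; ALL_USERS / ALL_DEVICES are hypothetical markers
# for the portal's "All users" / "All devices" scope choices.
ALL_USERS, ALL_DEVICES = "ALL_USERS", "ALL_DEVICES"

FINDINGS = {
    "NO_MEMBERS": "nobody receives the role's permissions",
    "NO_SCOPE": "the role has no users/devices to act on",
    "SCOPE_WITHIN_MEMBERS": "admins are scoped only to their own group",
    "TENANT_WIDE_SCOPE": "scope is every user/device; review the role's permissions",
}

def audit_assignment(assignment):
    """Return finding codes for one role assignment."""
    members = set(assignment["members"])
    scope = set(assignment["scope_groups"])
    codes = []
    if not members:
        codes.append("NO_MEMBERS")
    if not scope:
        codes.append("NO_SCOPE")
    elif scope <= members:
        # Scope (Groups) lists nothing beyond the Members groups themselves.
        codes.append("SCOPE_WITHIN_MEMBERS")
    if scope & {ALL_USERS, ALL_DEVICES}:
        codes.append("TENANT_WIDE_SCOPE")
    return codes

def manageable_targets(assignments, admin_groups):
    """Scope entries an admin can manage, given the admin's group memberships."""
    targets = set()
    for a in assignments:
        if set(a["members"]) & set(admin_groups):
            targets |= set(a["scope_groups"])
    return targets

# Constructed sample data mirroring the two configurations in the thread.
SAMPLE = [
    {"name": "first attempt", "members": ["Intune_app_group"],
     "scope_groups": ["Intune_app_group"]},
    {"name": "after the fix", "members": ["Intune_app_group"],
     "scope_groups": [ALL_USERS, ALL_DEVICES]},
]

if __name__ == "__main__":
    for a in SAMPLE:
        for code in audit_assignment(a):
            print(f"{a['name']}: {code} - {FINDINGS[code]}")
```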