Removing a security scope from an object instance is as simple as deleting the Windows Management Instrumentation (WMI) SMS_SecuredCategoryMembership class instance. However, object instances must have at least one security scope associated with them. The last object instance can never be removed. Every object is created with the Default security scope, and if all other security scopes are to be removed from an object instance, the Default should be added to it before removal.
Important |
---|
You must have administrative rights to the scope and the object you are removing it from. If you do not have the correct permissions, removing a scope from that object instance will fail. Removing the last scope from an object will be unsuccessful and will fail. |
Tip |
---|
To remove multiple objects to a scope, use the RemoveMemberships Method in Class SMS_SecuredCategoryMembership. |
To remove a security scope from an object
-
Set up a connection to the SMS Provider.
-
Determine the object’s key property identifier.
-
Determine the object type identifier.
-
Determine the scope identifier.
-
Find an instance of the SMS_SecuredCategoryMembership WMI class that matches the .
-
Delete the instance.
Example
The following code example removes a scope identifier from a package:
Visual Basic Script | Copy Code |
---|---|
Sub RemoveObjectScope(connection, scopeId, objectKey, objectTypeId) Dim assignment ' Find the existing scope assignement that matches our parameters. Set assignment = connection.Get("SMS_SecuredCategoryMembership.CategoryID='" & scopeId & "',ObjectKey='" & objectKey & "',ObjectTypeId=" & objectTypeId) If (assignment Is Nothing) Then Err.Raise 1, "RemoveObjectScope", "Unable to find matching scope, object, and object type." Else assignment.Delete_ End If End Sub |
C# | Copy Code |
---|---|
public void RemoveObjectScope(WqlConnectionManager connection, string scopeId, string objectKey, int objectTypeId) { // Find the existing scope assignement that matches our parameters. IResultObject assignment = connection.GetInstance("SMS_SecuredCategoryMembership.CategoryID='" + scopeId + "',ObjectKey='" + objectKey + "',ObjectTypeID=" + objectTypeId.ToString()); // Make sure we found the scope. if (assignment == null) throw new System.Exception("Unable to find matching scope, object, and object type."); else assignment.Delete(); } |
The example method has the following parameters:
Parameter |
Type |
Description |
connection |
|
A valid connection to the SMS Provider. |
scopeId |
String |
The identifier of the security scope to delete. |
objectKey |
String |
The key property value of the object. |
objectTypeId |
Integer |
The type identifier of the object referenced in the objectKey parameter. |
Compiling the Code
The C# example requires:
Namespaces
Microsoft.ConfigurationManagement.ManagementProvider
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine
Assembly
adminui.wqlqueryengine
microsoft.configurationmanagement.managementprovider