Set your SCCM collections up with proper limiting collections to have a hierarchical setup. It makes permissions management much easier.
Example: company XYZ has two offices, one in New York and one in LA. Each office has its own technical support needing SCCM console rights to their respective collections, but not the other office’s. Each office has its own sales, marketing, and accounting staff. Set collections up like this:
| Description | Collection Name | Limiting Collection Name |
| All Company Computers(all computers from NY and LA) | All-XYZ-Computers | All Systems |
| All LA Computers | LA-Office | All-XYZ-Computers |
| All NY Computers | NY-Office | All-XYZ-Computers |
| All LA Sales Computers | LA-Sales-Computers | LA-Office |
| All LA Marketing Computers | LA-Marketing-Computers | LA-Office |
| All LA Accounting Computers | LA-Accounting-Computers | LA-Office |
| All NY Sales Computers | NY-Sales-Computers | NY-Office |
| All NY Marketing Computers | NY-Marketing-Computers | NY-Office |
| All NY Accounting Computers | NY-Accounting-Computers | NY-Office |
Now, when I assign my rights, I will assign New York technical support staff to the NY-Office collection and LA technical staff to the LA-Office collection. Because of the way limiting collections work, granting them access to those two collections will also grant them access to their respective sales, marketing, and accounting collections. Furthermore, for IT staff such as the help desk that needs to see all devices, I can grant them rights to the All-XYZ-Computers collection and they will see LA-Office, NY-Office, and all sales, marketing, and accounting collections.
