Part 2: SCSM Security User Roles Script
This blog post outlines the script posted on the TechNet Gallery that makes it easier to see which User Roles a user has, what permissions have been assigned to a User Role, and which User Roles a task, view or other object has been assigned to.
The script also allows you to export a report in CSV format of all the user roles and associated permissions or run a report on a specific role. This can be useful if you want to audit the user roles in Service Manager or document what has been set. It can also be useful if you want to copy the security settings between SCSM instances.
Also refer to Part 1: SCSM Security User Roles
For the script I have used the out-of-the-box SCSM PowerShell module rather than SMLets. The main cmdlet I use is Get-SCSMUserRole; both SMLets and the standard SCSM PowerShell module have a cmdlet of that name, but they give different output.
There is a downside to using the standard cmdlet, and it relates to the display name of CI Groups, Catalog Groups and Queues: the display name returned may not honor the display language of the console and will instead use the language setting from the install on the first server.
Also, by using the standard PowerShell version I have sacrificed some information about which management pack the data is stored in.
It was too difficult (and very confusing) to load and unload the different PowerShell modules in order to use both versions of the Get-SCSMUserRole cmdlet in the one script.
Standard SCSM PowerShell Get-SCSMUserRole Output:
SMLets PowerShell Get-SCSMUserRole Output
SMLets and standard PowerShell Get-SCSMUserRole compared
As the screenshots above show, the two outputs are different: they have different properties and different data.
The main differences between the SMLets and standard PowerShell Get-SCSMUserRole cmdlets are:
SMLets does not have the "All" settings - Alltasks, AllQueues, AllViews, AllTemplates etc.
SMLets groups Queues, CI Groups and Catalog Groups under one property - Objects
SMLets more often includes the name of the management pack an item is stored in than standard PowerShell does. To see this you need to expand each of the properties, e.g. list all the properties of each member of Views and the management pack name will be displayed.
Standard PowerShell has a language issue with CI Groups, Catalog Groups and Queues: the display name used is the default language rather than the current language.
SMLets does not have any information on tasks.
You might need to run the SMLets version of Get-SCSMUserRole manually to get the information that the standard version does not return.
Other Useful PowerShell Commands
These PowerShell commands can also be useful:
The script starts by getting all the User Roles in the SCSM instance. This can take some time (up to 3-5 minutes in an instance with a lot of roles), but it is only done once and the result is reused by most of the options in the script; the script does not exit until you are finished running the options you need.
The script uses a text-based PowerShell menu that prompts for input - a bit old school, but it is simple for administrators to use and they don't need to remember or worry about which parameters to use.
The colors made sense to me, but feel free to edit them to something you like. The theme was Green for general information and Yellow for where a choice or input was required.
Script menu Options
The script has a lot of options to choose from and they can be broken down into the following sections:
Find what has been assigned to a User Role
Input a role name and get:
the direct assigned users and groups
the assigned tasks
the assigned templates
the assigned views
the assigned queues
the assigned CI Groups
the assigned Catalog Groups
Note: to find all objects associated with a User Role use the Specific Report option 22
Input a UserID to find User Roles
a User ID (sAMAccountName) - the script recursively finds all the groups the user is a member of and then checks which User Roles the user, or any of those groups, is assigned to.
Note that this assumes the user and the SCSM instance are in the same domain.
A list of where the All settings (AllTasks, AllViews, AllQueues, etc.) have been used. These are usually one of the main reasons why analysts can "see" too many things.
Input Object to find the associated User Roles:
a task display name
a template display name
a view display name
a catalog group display name (language settings may be an issue)
a CI Group display name (language settings may be an issue)
a queue display name (language settings may be an issue)
List the display name of all objects of a particular type
This is very useful if the script is not accepting the display name you have entered for an object; the object might be using a different language value or a slightly different name:
all user roles
all CI Groups
Display on screen, then offer to save to a CSV file:
All the settings for one User Role
All the settings for all the User Roles
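The following is an added example, not the script from the TechNet Gallery, showing how three of the options described above (finding a user's roles through nested group membership, listing where the All settings are used, and exporting all roles to CSV) can be built on the output of the standard Get-SCSMUserRole cmdlet. It assumes the role objects expose the properties the post names (DisplayName, Users, Tasks, Views, Queues, Templates, AllTasks, AllViews, AllQueues, AllTemplates) and that entries in Users are strings of the form DOMAIN\name; anything else about the cmdlet output is an assumption. The AD lookup needs the ActiveDirectory module and, as the post notes, assumes the user is in the same domain as SCSM. The roles at the bottom are constructed sample data so the logic can be tried without an SCSM connection.

```powershell
# Added example, not the TechNet Gallery script. Property names on the role
# objects (DisplayName, Users, Tasks, Views, Queues, Templates, All*) follow the
# post; everything else about Get-SCSMUserRole's output is an assumption.

function Get-UserPrincipalNames {
    # Return the user's sAMAccountName plus the sAMAccountName of every group
    # the user belongs to, nested groups included, in a single LDAP query using
    # the LDAP_MATCHING_RULE_IN_CHAIN rule (OID 1.2.840.113556.1.4.1941).
    # Needs the ActiveDirectory module; assumes the same domain as SCSM.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user   = Get-ADUser -Identity $SamAccountName
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
    @($user.SamAccountName) + @($groups | ForEach-Object { $_.SamAccountName })
}

function Get-ObjectNames {
    # Collection members may be plain strings or objects with a DisplayName.
    param([object[]]$Items)
    foreach ($item in @($Items)) {
        if ($null -eq $item) { continue }
        if ($item -is [string]) { $item }
        elseif ($item.PSObject.Properties['DisplayName']) { $item.DisplayName }
        else { [string]$item }
    }
}

function Find-UserRoleForPrincipal {
    # Which roles list the user, or one of the user's groups, under Users?
    # Users entries are assumed to be "DOMAIN\name"; the domain prefix and case
    # are ignored when comparing.
    param(
        [Parameter(Mandatory)][object[]]$Roles,
        [Parameter(Mandatory)][string[]]$Principals
    )
    $wanted = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$Principals, [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($role in $Roles) {
        $hits = @(Get-ObjectNames $role.Users |
            ForEach-Object { ($_ -split '\\')[-1] } |
            Where-Object { $wanted.Contains($_) })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{ UserRole = $role.DisplayName; MatchedVia = ($hits -join ';') }
        }
    }
}

function Find-AllScopedUserRole {
    # Roles with any "All" flag set: the usual reason analysts see too much.
    param([Parameter(Mandatory)][object[]]$Roles)
    $flags = 'AllTasks', 'AllViews', 'AllQueues', 'AllTemplates'
    foreach ($role in $Roles) {
        $set = @($flags | Where-Object { $role.PSObject.Properties[$_] -and $role.$_ -eq $true })
        if ($set.Count -gt 0) {
            [pscustomobject]@{ UserRole = $role.DisplayName; AllSettings = ($set -join ';') }
        }
    }
}

function Export-UserRoleReport {
    # Flatten each role to one CSV row; multi-valued columns are ';'-joined.
    param([Parameter(Mandatory)][object[]]$Roles, [Parameter(Mandatory)][string]$Path)
    $Roles | ForEach-Object {
        [pscustomobject]@{
            UserRole     = $_.DisplayName
            Users        = (Get-ObjectNames $_.Users)     -join ';'
            AllTasks     = [bool]$_.AllTasks
            AllViews     = [bool]$_.AllViews
            AllQueues    = [bool]$_.AllQueues
            AllTemplates = [bool]$_.AllTemplates
            Tasks        = (Get-ObjectNames $_.Tasks)     -join ';'
            Views        = (Get-ObjectNames $_.Views)     -join ';'
            Queues       = (Get-ObjectNames $_.Queues)    -join ';'
            Templates    = (Get-ObjectNames $_.Templates) -join ';'
        }
    } | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

# --- Constructed sample roles so the logic runs without SCSM. --------------
# Against a live instance collect once, as the post does:  $roles = Get-SCSMUserRole
$roles = @(
    [pscustomobject]@{ DisplayName = 'Incident Resolvers'; Users = @('CONTOSO\IR-Team')
        AllTasks = $false; AllViews = $true; AllQueues = $false; AllTemplates = $false
        Tasks = @('Resolve'); Views = @(); Queues = @('Tier 1'); Templates = @('Default Incident') }
    [pscustomobject]@{ DisplayName = 'Read-Only Operators'; Users = @('CONTOSO\jsmith', 'CONTOSO\Helpdesk')
        AllTasks = $false; AllViews = $false; AllQueues = $false; AllTemplates = $false
        Tasks = @(); Views = @('All Incidents'); Queues = @(); Templates = @() }
)
# Live: $principals = Get-UserPrincipalNames -SamAccountName 'jsmith'
$principals = @('jsmith', 'IR-Team')   # constructed: jsmith is nested inside IR-Team
Find-UserRoleForPrincipal -Roles $roles -Principals $principals | Format-Table
Find-AllScopedUserRole -Roles $roles | Format-Table
Export-UserRoleReport -Roles $roles -Path (Join-Path $env:TEMP 'scsm-user-roles.csv')
```

With the constructed data, jsmith is reported in both roles (directly in Read-Only Operators, via the IR-Team group in Incident Resolvers), and Incident Resolvers is flagged for AllViews. The single chained-membership LDAP query replaces a recursive walk of Get-ADGroupMember, which is slow and fails on cross-domain members; it only resolves groups in the queried domain, which is the same-domain limitation the post mentions. Because the role objects are collected once and passed in, the three reports can run against the same snapshot, and the CSV can be diffed between SCSM instances when copying security settings.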
Script Download: SCSM Security Roles Script