When you add a new role assignment, you can specify a built-in or custom role that was created using the New-ManagementRole cmdlet and specify an organizational unit (OU) or predefined or custom management scope to restrict the assignment.
You can create custom management scopes using the New-ManagementScope cmdlet and can view a list of existing scopes using the Get-ManagementScope cmdlet. If you choose not to specify an OU, or predefined or custom scope, the implicit write scope of the role applies to the role assignment.
For more information about management role assignments, see Understanding management role assignments.
You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Role assignments" entry in the Role management permissions topic.
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Role groups" entry in the Role Management Permissions topic.
If you created a server or database configuration filter or list-based scope, you need to include the scope in the command used to assign the role to a role group by using the CustomConfigWriteScope parameter.
You can also include a recipient write scope when you create a role assignment that has a configuration write scope.
For more information about role assignments and management scopes, see the following topics:
Use the following syntax to assign a role to a role group with a configuration scope. A role assignment name is created automatically if you don't specify one.
This example assigns the Databases role to the Seattle Server Admins role group and applies the Seattle Servers scope.
For detailed syntax and parameter information, see New-ManagementRoleAssignment.