Role Based Permissions for RCT

I am looking for documentation on the specific RBAC permissions that are required to make certain Right Click Tools work. Let’s start with the Interactive Command Prompt. I might find the answer before some one responds since I am experimenting one permission at a time to see when I stop receiving a message that the user doesn’t have the proper Role-based permissions to perform that action. I have a Departmental Admin role that works and a Departmental Consultant Role that it does not.

We haven’t updated the document for a while, but a lot of the permissions still map reasonably close. You can find our permissions documentation here:

We also have the required Recast permissions on each tool in the docs site:

You only show the user needs Local Actions for the Interactive Command Prompt which is basically having local admin access on the computer but there is no mention of the minimum permissions you need on the ConfigMgr Server side to make that tool work. For example, I have a user that only has the Read-only Analyst role on one Collection in Config Manager but has Local Admin rights on the computers in that collection yet the Interactive Command Prompt tool does not work. If I give that use the Full Administrator role on that same collection, the tool works. This provides there are certain permissions required on the ConfigMgr Server side to make the Interactive Command Prompt tool work. I realize the Read-Only Analyst role has only Read and the Full Administrator role has everything but there is obviously something in-between. I would like to create a Custom RBAC Role in ConfigMgr that gives the minimum permissions to make the RCT tools work. In fact, other vendors like PatchMyPC give you a security role template to import into ConfigMgr to make their tools work so it would be nice if RCT did the same thing.