On a brand new System Center Orchestrator 2012 install the web console was showing the basic site, but would show no details for Runbooks or Runbook Servers.
It would work fine if I connected using the “Orchestrator Admin” account used during install, but other accounts were all having problems. It seemed obvious that permissions were the problem, but where exactly? All those same users could use the Orchestrator Designer console without any problem, so it seemed they had all the permissions needed.
It would appear the the issue is something to do with the way I had nested groups granting permissions and the way pass-through authentication works in IIS.
The user accounts were members of an AD group (AD\OrcAuthors) and that group was in turn a member of the Management servers local “OrchestratorUsersGroup”. In the Designer console, opening properties on the “Runbook” folder showed that the “OrchestratorsUsersGroup” had full control permissions. This is fine for the Designer Console, but it didn’t work with the Web Console
To resolve, the AD (OrcAuthors) group was given direct permissions to the Runbook folder and from that point the Web Console worked fine.
So, just apply permissions for AD groups directly to the required Runbook folders, don’t nest them in the local server OrchestratorUsersGroup.