Managing groups
You can reduce the time that you spend managing user accounts by creating groups of similar user accounts and assigning shared properties, such as software configurations or IT policies, to the group. Properties that you assign to a group are assigned to all user accounts in the group.
- The properties at the individual level override the properties at the group level.
- The properties at the group level override the properties at the domain level.
After you add a user account or administrator account to a group, you can override the properties that you configured for the account at the group level or domain level by changing the properties at the user account level.
If you remove a user account or administrator account from a group, the account name remains in the global users list but it does not appear in the group list.
You can either create user-specific groups and assign roles to those groups or use the default user groups that contain pre-existing roles.
If you are managing a large number of groups (over 3000) using the BlackBerry Administration Service in a single domain, your organization's environment might experience a performance impact.
Using default groups to manage user accounts and administrator accounts
The BlackBerry® Enterprise Server installation includes default groups that have preconfigured administrative roles. You can use the default groups in your organization's environment instead of creating specific administrative groups. Each default group consists of a set of preconfigured rules which specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service.
The default groups ensure users without administrative privileges cannot escalate their permissions, for example, junior administrators cannot escalate their roles to senior administrator roles.
|
Default group |
Description of the default group |
|---|---|
|
Administrators |
This is a preconfigured group for BlackBerry Administration Service administrators. This groups has the permissions assigned to the Security role. Administrators in this group are responsible for ensuring all Junior Helpdesk administrators are added to the Junior Helpdesk group. |
|
Help desk representatives |
This is a preconfigured group for help desk administrators. This group has the permissions assigned to the Junior Helpdesk role. Junior Helpdesk administrators in this group can perform basic administrative tasks such as adding users to groups and assigning BlackBerry devices to BlackBerry device users. The Junior Helpdesk role can only add users to the Web Desktop Users group and the Junior Helpdesk group. |
|
BlackBerry® Web Desktop Manager users |
This is a preconfigured group for BlackBerry Web Desktop Manager users. BlackBerry Web Desktop Manager users in this group do not have any BlackBerry Administration Service administrative permissions. Users in this group can perform basic administrative tasks on their own user account using the BlackBerry Web Desktop Manager such as setting an activation password or locking their BlackBerry device. |
Preconfigured administrative roles
The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. You can use the preconfigured administrative roles in your organization's environment instead of creating customized administrative roles. Each preconfigured administrative role contains multiple permissions that are turned on. The preconfigured administrative roles ensure users without specific administrative permissions cannot escalate their permissions, for example, junior helpdesk administrators cannot escalate their roles to senior helpdesk administrator roles. You can configure additional permissions in the preconfigured administrative roles or turn off any of the permissions.
Permission name |
Security role |
Enterprise role |
Senior Helpdesk role |
Junior Helpdesk role |
Server only role |
User only role |
|---|---|---|---|---|---|---|
Create a group |
X |
X |
X |
X |
||
Delete a group |
X |
X |
X |
|||
View a group (across Group) |
X |
X |
X |
X |
X |
|
Edit a group (across Group) |
X |
X |
X |
X |
X |
|
Create a user |
X |
X |
X |
X |
||
Delete a user |
X |
X |
X |
X |
||
View a user (across Group) |
X |
X |
X |
X |
X |
|
Edit a user (across Group) |
X |
X |
X |
X |
X |
|
View a device (across Group) |
X |
X |
X |
X |
X |
|
Edit a device (across Group) |
X |
X |
X |
X |
X |
|
View device activation settings |
X |
X |
X |
|||
Edit device activation settings |
X |
X |
X |
|||
Create an IT policy |
X |
X |
X |
|||
Delete an IT policy |
X |
X |
X |
|||
View an IT policy |
X |
X |
X |
X |
X |
|
Edit an IT policy |
X |
X |
X |
|||
Import an IT policy |
X |
X |
X |
|||
Export an IT policy |
X |
X |
X |
|||
Create a user-defined IT policy template |
X |
X |
X |
|||
Delete a user-defined IT policy template |
X |
X |
X |
|||
Edit a user-defined IT policy template |
X |
X |
X |
|||
Import an IT policy template |
X |
X |
X |
|||
Resend data to devices |
X |
X |
X |
|||
Create a software configuration |
X |
X |
X |
|||
View a software configuration |
X |
X |
X |
X |
X |
|
Edit a software configuration |
X |
X |
X |
|||
Delete a software configuration |
X |
X |
X |
|||
View BlackBerry Administration Service software management |
X |
X |
X |
|||
Edit BlackBerry Administration Service software management |
X |
X |
||||
Create an application |
X |
X |
X |
|||
View an application |
X |
X |
X |
X |
X |
|
Edit an application |
X |
X |
X |
|||
Delete an application |
X |
X |
X |
|||
Create an administrator user |
X |
|||||
Specify an activation password |
X |
X |
X |
X |
X |
|
Generate an activation email |
X |
X |
X |
X |
X |
|
Assign the current device to a user |
X |
X |
X |
X |
X |
|
Turn off and on external services |
X |
X |
X |
X |
||
Clear activation password |
X |
X |
X |
X |
X |
|
Clear synchronization backup data |
X |
X |
X |
X |
||
Clear user statistics |
X |
X |
X |
X |
X |
|
Export statistics |
X |
X |
X |
|||
Reset user field mapping |
X |
X |
X |
X |
||
Turn on redirection |
X |
X |
X |
X |
||
Turn off redirection |
X |
X |
X |
X |
||
Refresh available user list from company directory |
X |
X |
X |
|||
Add User from Company Directory |
X |
X |
X |
X |
||
Synchronize GroupWise System Address Book |
X |
X |
X |
|||
Clear and synchronize GroupWise System Address Book |
X |
X |
X |
|||
View a server |
X |
X |
X |
|||
Edit a server |
X |
X |
X |
|||
View a component |
X |
X |
X |
|||
Edit a component |
X |
X |
X |
|||
View an instance |
X |
X |
X |
|||
Edit an instance |
X |
X |
X |
|||
Change the status of an instance |
X |
X |
X |
|||
Edit an instance relationship |
X |
X |
X |
|||
View a job |
X |
X |
X |
|||
Edit a job |
X |
X |
X |
|||
Manage deployment job tasks |
X |
X |
X |
|||
Change the status of a job task |
X |
X |
X |
|||
Update peer-to-peer encryption key |
X |
X |
X |
|||
View job distribution settings |
X |
X |
X |
|||
Edit job distribution settings |
X |
X |
X |
|||
Delete an instance |
X |
X |
X |
|||
Edit license keys |
X |
X |
X |
|||
View license keys |
X |
X |
X |
|||
Manually fail a job |
X |
X |
X |
|||
Clear instance statistics |
X |
X |
X |
|||
View push rules for the BlackBerry MDS Connection Service |
X |
X |
X |
X |
X |
X |
View pull rules for the BlackBerry MDS Connection Service |
X |
X |
X |
X |
X |
|
Send message (across Group) |
X |
X |
X |
X |
X |
|
Create a role |
X |
X |
||||
Delete a role |
X |
X |
||||
View a role |
X |
X |
X |
|||
Edit a role |
X |
X |
||||
Add or remove role |
X |
X |
X |
|||
Import or export groups within roles |
X |
|||||
View BlackBerry Monitoring Service information |
X |
|||||
Edit BlackBerry Monitoring Service settings |
X |
|||||
Import new users |
X |
X |
X |
|||
Import or export users |
X |
X |
X |
X |
||
Import user updates |
X |
X |
X |
|||
Import or export email message filters for a user |
X |
X |
X |
|||
Export asset summary data |
X |
X |
X |
|||
Add or remove to user configuration |
X |
X |
X |
X |
Add user accounts to a group
- In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand User.
- Click Manage users.
- Search for the user accounts.
- Select the user accounts.
- In the Add to user configuration list, click Add group.
- In the Available groups list, click the group that you want to add the user accounts to.
- Click Add.
- Click Save.
Remove a user account from a group
- In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Group.
- Click Manage groups.
- Click the group name.
- In the Manage users in group membership list, click Remove users from group membership.
- Search for a user account.
- Select the check boxes beside the display names for the user accounts that you want to remove.
- Click Remove from group membership.
Change the properties of a group
- In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Group.
- Click Manage groups.
- Click the group name.
- Click Edit group.
- Switch between the appropriate tabs and make the appropriate changes.
- Click Save all.