Using default groups to manage user accounts and administrator accounts
The BlackBerry Enterprise Server installation includes default groups that have preconfigured administrative roles. You can use the default groups in your organization's environment instead of creating specific administrative groups. Each default group consists of a set of preconfigured rules which specify the information that administrators can view and the tasks that they can perform using the BlackBerry Administration Service and BlackBerry Monitoring Service.
The default groups ensure users without administrative privileges cannot escalate their permissions, for example, junior administrators cannot escalate their roles to senior administrator roles.
|
Default group |
Description of the default group |
|---|---|
|
Administrators |
This is a preconfigured group for BlackBerry Administration Service administrators. This groups has the permissions assigned to the Security role. Administrators in this group are responsible for ensuring all Junior Helpdesk administrators are added to the Junior Helpdesk group. |
|
Help desk representatives |
This is a preconfigured group for help desk administrators. This group has the permissions assigned to the Junior Helpdesk role. Junior Helpdesk administrators in this group can perform basic administrative tasks such as adding users to groups and assigning BlackBerry devices to BlackBerry device users. The Junior Helpdesk role can only add users to the Web Desktop Users group and the Junior Helpdesk group. |
|
BlackBerry Web Desktop Manager users |
This is a preconfigured group for BlackBerry Web Desktop Manager users. BlackBerry Web Desktop Manager users in this group do not have any BlackBerry Administration Service administrative permissions. Users in this group can perform basic administrative tasks on their own user account using the BlackBerry Web Desktop Manager such as setting an activation password or locking their BlackBerry device. |