Role permissions
Each role contains multiple permissions that are turned on. The roles make sure that administrator users cannot escalate their permissions. For example, Junior helpdesk administrators cannot escalate their permissions to the equivalent of Senior helpdesk administrators.
Permissions to create and manage administrator users
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| Create an administrator account | √ | |||
| View an administrator user | √ | √ | √ | √ |
| Edit an administrator user | √ | |||
| Change an administrator user's role | √ | |||
| Delete an administrator user | √ | |||
| Change another administrator user's password | √ | |||
| View your organization's settings | √ | √ | √ | |
| Change your organization's settings | √ | √ |
Permissions to control how devices connect to work resources
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| Create a profile | √ | √ | ||
| View a profile | √ | √ | √ | √ |
| Change a profile | √ | √ | ||
| Delete a profile | √ | √ |
Permissions to control the capabilities of devices
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| Create an IT policy | √ | √ | ||
| View an IT policy | √ | √ | √ | √ |
| Change an IT policy | √ | √ | ||
| Delete an IT policy | √ | √ |
Permissions to manage user groups and user accounts
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| Create a group | √ | √ | √ | |
| View a group | √ | √ | √ | √ |
| Change a group | √ | √ | √ | |
| Delete a group | √ | √ | ||
| Create a user | √ | √ | √ | |
| View a user | √ | √ | √ | √ |
| Change a user | √ | √ | √ | √ |
| Delete a user | √ | √ | √ | |
| Assign IT policies and profiles to users and user groups | √ | √ | √ | √ |
| Remove IT policies and profiles from users and user groups | √ | √ | √ | √ |
| Rank IT policies and profiles | √ | √ |
Permissions to change device activation settings
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| View device activation settings | √ | √ | √ | √ |
| Change device activation settings | √ | √ | √ | √ |
| Specify an activation password | √ | √ | √ | √ |
| Generate an activation email | √ | √ | √ | √ |
Permissions to manage devices
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| View a device | √ | √ | √ | √ |
| Change a device | √ | √ | √ | √ |
| Specify device ownership | √ | √ | √ | √ |
| Delete all device data and remove the device | √ | √ | √ | √ |
| Delete only the work data and remove the device | √ | √ | √ | √ |
| Lock a device | √ | √ | √ | √ |
| Lock a device and reset the password | √ | √ | √ | √ |
Permissions to control apps on devices
| Permission | Security role | Enterprise role | Senior helpdesk role | Junior helpdesk role |
|---|---|---|---|---|
| Add an app | √ | √ | ||
| View the list of apps | √ | √ | √ | √ |
| Delete an app | √ | √ | ||
| Assign apps and app groups to users | √ | √ | √ | |
| Assign apps and app groups to groups | √ | √ | √ |