Defining Administrator Roles

An Administrator has restricted access to the Management Console and can be assigned various administrative roles by an Enterprise Administrator.

Administrator access roles are described in the following table.


Administrator Rights

Ivanti Device and Application Control Application

Settings (Device Control)

Change permissions and options for the users, user groups, computers, and devices for which the Administrator has write privileges in the Active Directory. Can view the Media Authorizer module.

Without this role assignment, the Administrator can only view the users' access permissions.

Device Control

Time based settings (Device Control)

Set temporary and scheduled device permissions. This function is a subgroup of Settings (Device Control).

Device Control

Devices (Device Control)

Add new devices to the database using Manage Devices and organize devices into groups.

Device Control

Media (Device Control)

Encrypt and authorize media using the Media Authorizer module and generate the Media by User and Users by Medium reports.

This is an optional function for subgroups of Settings (Device Control).

Device Control

Audit (Device Control)

View and search Audit Logs and view Administrator actions, with the appropriate rights, using the Log Explorer module.

Device Control

Logs (Device Control)

View central logging and access shadow files using the Log Explorer module, and generate Shadowing by Device and Shadowing by User reports.

Device Control

Logs without File Access (Device Control)

View central logging without access to shadow file content.

This option is a subgroup of Logs (Device Control).

Device Control

Key Recovery (Device Control)

Generate a passphrase for access to an encrypted device when the user does not have a decentralized encryption password.

This can be accomplished with a lower security risk when the user is connected to the network.

Device Control

Temporary Permissions Offline (Device Control)

Set only temporary permissions for users that are not connected to the Application Server and extend access permissions for a limited time.

Device Control

Settings (App. Control)

View and modify user, user group, and computer Default Options for which the administrator has write permissions in the Active Directory, and authorize applications using the Authorization Wizard.

Application Control

Audit (App. Control)

View and search audit logs of system activity using the Log Explorer.

Application Control

Execution Logs (App. Control)

View and search execution logs using the Log Explorer for users, user groups, and computers for which the administrator has write permission in the Active Directory.

Application Control

Machine Scans (App. Control)

Use the Scan Explorer to scan target computers, build lists of authorized executable, script, and macro files, view scan results for computers for which the administrator has write permission in the Active Directory, and create new scan templates.

Application Control

Endpoint Maintenance

Create tickets to update, delete, and install clients.

Application Control; Device Control

Scheduled Reports

Generate custom reports at pre-scheduled intervals between start and end dates.

Application Control; Device Control

Synchronize Computer

An Administrator can only synchronize computers, not domains.

Only an Enterprise Administrator can synchronize domains and computers.

Application Control; Device Control
