Defining Administrator Roles
An Administrator has restricted access to the Management Console and can be assigned various administrative roles by an Enterprise Administrator.
Administrator access roles are described in the following table.
Functions | Administrator Rights | Ivanti Device and Application Control Application |
---|---|---|
Settings (Device Control) | Change permissions and options for the users, user groups, computers, and devices for which the Administrator has write privileges in the Active Directory. Can view the Media Authorizer module. Without this role assignment, the Administrator can only view the users' access permissions. | Device Control |
Time based settings (Device Control) | Set temporary and scheduled device permissions. This function is a subgroup of Settings (Device Control). | Device Control |
Devices (Device Control) | Add new devices to the database using Manage Devices and organize devices into groups. | Device Control |
Media (Device Control) | Encrypt and authorize media using the Media Authorizer module and generate the Media by User and Users by Medium reports. This is an optional function for subgroups of Settings (Device Control). | Device Control |
Audit (Device Control) | View and search Audit Logs and view Administrator actions, with the appropriate rights, using the Log Explorer module. | Device Control |
Logs (Device Control) | View central logging and access shadow files using the Log Explorer module, and generate Shadowing by Device and Shadowing by User reports. | Device Control |
Logs without File Access (Device Control) | View central logging without access to shadow file content. This option is a subgroup of Logs (Device Control). | Device Control |
Key Recovery (Device Control) | Generate a passphrase for access to an encrypted device when the user does not have a decentralized encryption password. This can be accomplished with a lower security risk when the user is connected to the network. | Device Control |
Temporary Permissions Offline (Device Control) | Set only temporary permissions for users that are not connected to the Application Server and extend access permissions for a limited time. | Device Control |
Settings (App. Control) | View and modify user, user group, and computer Default Options for which the administrator has write permissions in the Active Directory, and authorize applications using the Authorization Wizard. | Application Control |
Audit (App. Control) | View and search audit logs of system activity using the Log Explorer. | Application Control |
Execution Logs (App. Control) | View and search execution logs using the Log Explorer for users, user groups, and computers for which the administrator has write permission in the Active Directory. | Application Control |
Machine Scans (App. Control) | Use the Scan Explorer to scan target computers, build lists of authorized executable, script, and macro files, view scan results for computers for which the administrator has write permission in the Active Directory, and create new scan templates. | Application Control |
Endpoint Maintenance | Create tickets to update, delete, and install clients. | Application Control; Device Control |
Scheduled Reports | Generate custom reports at pre-scheduled intervals between start and end dates. | Application Control; Device Control |
Synchronize Computer | An Administrator can only synchronize computers, not domains. Only an Enterprise Administrator can synchronize domains and computers. | Application Control; Device Control |