Working with Roles

To perform tasks associated with roles, click a toolbar button or a list icon. To perform some tasks, selecting one or multiple roles from the list may be necessary.

Creating User Roles

Custom roles let you select individual access rights, accessible groups, and accessible endpoints for that role. Create a custom role when predefined system roles do not contain the access rights needed for a particular user. Creating a custom role is also useful when you require a role that can only access specific groups or endpoints.

Create custom roles from the Roles tab.

  1. From the Navigation Menu, select Tools > Users and Roles.
  2. Select the Roles tab.
  3. ClickCreate.
    The Create Role dialog opens to the Information tab.
  4. Type a name in the Name field.
  5. Type a description in the Description field.
  6. Select a role template from the Role Template list.
    Any existing role can be used as a template. The selected role determines initial access rights. You can later change which access rights are assigned to the role.
  7. Select the Access Rights tab.
  8. Select or clear the desired access rights.
    For additional information, refer to Predefined System Roles.

    Select or clear the All check box to globally select or clear all access rights. Additionally, child access rights are unavailable until their parent access rights are selected.

  9. Select the Groups tab.
  10. Assign the desired accessible endpoint groups to the role.
    Use one of the following methods to assign groups.

    11. Method

    Steps

    To assign individual groups:
    1. From the Available Groups table, select the check box(es) associated with the group(s) you want to assign.
    2. Click Assign.

    To assign all groups:

    Click Assign All.

    Tip: Remove groups using Remove and Remove All.

  11. Select the Endpoints tab.
  12. Assign the desired accessible endpoints to the role.
    Use one of the following methods to assign endpoints.

    13. Method

    Steps

    To assign individual endpoints:
    1. From the Available Endpoints table, select the check box(es) associated with the endpoint(s) you want to assign.
    2. Click Assign.

    To assign all endpoints:

    Click Assign All.

    Remove endpoints using Remove and Remove All.

  13. Click OK.
    Your new role is saved. It can now be assigned to users. Additionally, it can be edited from the Users and Roles page Roles tab.

Editing User Roles

Edit a custom user role as the needs of users associated with the role change. You can only edit custom roles (predefined system roles cannot be edited).

Edit roles from the Roles tab.

  1. From the Navigation Menu, select Tools > Users and Roles.
  2. Select the Roles tab.
  3. Click the Edit icon associated with the role you want to edit.
    The Edit Role dialog opens to the Information tab.
  4. Define the Information tab content.
    1. The Name field is a read-only and cannot be edited.
    2. [Optional] Edit the Description field.

      Tip: The optional description can be simple or detailed and may include information concerning the access right you are editing for the specific role.

    3. [Optional] Select a role template from the Role Template drop-down list.

      Tip: Any existing role can be used as a template. The selected role determines initial access rights. You can later change which access rights are assigned to the role.

  5. Select the Access Rights tab.
  6. [Optional] Selecting or clear the desired access rights.

    Tip: Select or clear the All check box to globally select or clear all access rights. Additionally, child access rights are unavailable until their parent access rights are selected.

  7. Select the Groups tab.
  8. [Optional] Assign accessible endpoint groups to the role. Use one of the following methods to assign groups.

    9. Method

    Steps

    To assign individual groups:
    1. From the Available Groups table, select the check box(es) associated with the group(s) you want to assign.
    2. Click Assign.

    To assign all groups:

    Click Assign All.
  9. [Optional] Remove accessible endpoint groups from the role. Use one of the following methods to remove groups.

    10. Method

    Steps

    To remove individual groups:
    1. From the Selected Groups table, select the check box(es) associated with the group(s) you want to remove.
    2. Click Remove.

    To remove all groups:

    Click Remove All.
  10. Select the Endpoints tab.
  11. [Optional] Assign accessible endpoints to the role.
    Use one of the following methods to assign endpoints.

    12. Method

    Steps

    To assign individual endpoints:
    1. From the Available Endpoints table, select the check box(es) associated with the endpoint(s) you want to assign.
    2. Click Assign.

    To assign all endpoints:

    Click Assign All.
  12. [Optional] Remove accessible endpoints from the role. Use one of the following methods to remove endpoints.

    13. Method

    Steps

    To remove individual endpoints:
    1. From the Selected Endpoints table, select the check box(es) associated with the endpoint(s) you want to remove.
    2. Click Remove.

    To remove all endpoints:

    Click Remove All.
  13. Click OK.
    Your edits are saved. The edited role is applied to all associated users.

Editing User Roles

Within Ivanti Endpoint Security, you can edit custom user roles, which can be assigned to users with unique access requirements.

Complete the dialog by defining the setting on each tab.

Disabling User Roles

You can disable any custom role, allowing you to maintain the role within Ivanti Endpoint Security without assigning it to users. You can enable, edit, and delete disabled roles. Disabled roles appear unavailable.

Disable roles from the Roles tab.

You cannot disable system roles: Administrator, Manager, Operator, Guest.

  1. From the Navigation Menu, select Tools > Users and Roles.
  2. Select the Roles tab.
  3. Select the check box(es) associated with the enabled custom role(s) you want to disable.
  4. Click Disable.
    The selected role(s) is disabled.

    Caution: If you disable a role currently assigned to a user, they can still log in to Ivanti Endpoint Security, but their access rights are heavily restricted.

Enabling User Roles

Enable roles when you want to reactive them.

Prerequisite: The role is a custom role and is disabled.

You cannot disable system roles: Administrator, Manager, Operator, Guest.

Enable roles from the Roles tab.

  1. From the Navigation Menu, select Tools > Users and Roles.
  2. Select the Roles tab.
  3. Find the desired role(s).
    1. Select Disabled from the Status drop-down list.

      Custom role(s) must have a status of Disabled to be enabled.

    2. Click Update View.
      The role list updates based on your search.
  4. Select the check box associated with the disabled role(s) you want to enable.
  5. Click Enable.
    The role is disabled and the denoted Wool Hat () icon is active again.

    6. The selected role(s) is enabled. You can now assign it to users.

    Users already assigned the previously disabled role will again be able to access Ivanti Endpoint Security with their full access rights.

Deleting User Roles

Delete custom user roles when they are no longer needed. You can delete roles regardless of whether they are enabled or disabled.

Delete custom roles from the Roles tab.

You cannot delete system roles: Administrator, Manager, Operator, Guest.

  1. From the Navigation Menu, select Tools > Users and Roles.
  2. Select the Roles tab.
  3. Find the desired user(s).
    Use one of the following methods.

    Method

    Steps

    To search for roles(s) by name:

    1. Type an applicable name in the Name field.
    2. Click Update View.

    To search for user(s) by role:

    1. Select the applicable role from the Status drop-down list.
    2. Click Update View.

    The role list updates based on your search.

  4. Delete the desired roles.
    Use one of the following methods.

    Method

    Steps

    To delete a single user role:

    1. Click the Delete icon associated with the role you want to delete.
    2. Click OK to acknowledge the deletion.

    To delete multiple user roles:

    1. Select the check boxes associated with the user roles that you want to delete.
    2. From the toolbar, click the Delete button.
    3. Click OK to acknowledge the deletion.

    You cannot delete system roles: Administrator, Manager, Operator, Guest.

    The role is deleted.

    Caution: If you delete a role currently assigned to a user, they can still log in to Ivanti Endpoint Security, but their access rights are heavily restricted.

Exporting User Role Data

You can export the data displayed on the Roles tab list so that it can be used in other applications. This data is exported to a comma-separated value (.csv) file.

To export data, click the Export button. For additional information, refer to Exporting Data.