Available Rights
DSM provides various rights for the execution of tasks. Some are global rights and some are rights for an individual module.
The following contains an overview of all the rights for the individual modules and AddOns:
- Global Rights
- Virtual Environments
- MDM Integration
- HEAT Discovery
Global Rights
|
Right |
Possible Actions |
Explanation, Notes |
|---|---|---|
|
System right Read |
none |
The system right Read provides Read access to objects of the organization tree, the software library and system folders. This system right is mandatory and automatically assigned to all roles. The system role Read contains only the system right Read. |
|
System rights Open ... |
Open the respective areas in the DSM Console
|
The system rights Open: .... allow you to open the respective areas in the DSM Console. Note that these system rights only apply to the system roles with the same name Open: ... and cannot be assigned to any other role. |
|
Manage Users and Computers |
Add, copy, move, change Activate and deactivate |
Only in the Organization Tree. To copy objects you need the right to execute the task for the target, on the source the system right Read is sufficient. To move objects you need the right to execute the task for the target. |
|
Delete Users and Computers |
Move, delete |
Only in the Organization Tree. To move objects you need the right to execute the task for the source. |
|
Manage Groups |
Add, copy, move, change |
Only in the Organization Tree. Right to manage group objects. To copy groups you need the right to execute the task for the target, on the source the system right Read is sufficient. To move groups you need the right to execute the task for the target. |
|
Delete Groups |
Move, delete |
Only in the Organization Tree. Right to delete group objects. To move groups you need the right to execute the task for the source. |
|
Manage Group Members |
Add, delete |
Only in the Organization Tree. Right to assign members to a specific group object. |
|
Manage Group Memberships |
Add, delete |
Only in the Organization Tree. Right that makes a specific computer or group object member of the group. |
|
Manage OUs |
Add, copy, move, change |
Only in the Organization Tree. To copy the OU you need the right to execute the task for the target, on the source the system right Read is sufficient. To move the OU you need the right to execute the task for the target. |
|
Delete OUs |
Move, delete |
Only in the Organization Tree. To move the OU you need the right to execute the task for the source. To delete users or computers contained in the OU you need the Delete Users and Computers right. |
|
Manage Policies |
Assign packages in the organization tree to installation targets Change policies and policy instances |
Only in the Organization Tree. The Use Software right has to exist for the assigned package as well in order to change policies. For policy instances instead, the system right Read is sufficient. |
|
Manage Roles |
Add, change and delete role definitions |
Only in the root object of the organization tree and the software library! Thus only available for the Supervisor role. |
|
Assign Roles |
Add or remove user and user groups as role owners in an administration range. |
|
|
Manage Schema Extensions |
Add, display, change and delete user-defined properties of computers, users or packages in the Schema Manager |
Only in the root object of the Organization Tree and thus only available for the supervisor role. |
|
Use Software |
Assign packages and Software Sets in the software library to installation
targets Install software locally (F7) and uninstall software (F8) Change policies |
Only in the Software Library. The installation target must have the Manage Policies right; to install or uninstall locally, you only need Read access. |
|
Release Software |
Release, retire and return packages and software sets to production. |
Only in the Software Library. |
|
Manage Software |
Create, copy, move and change packages and Software Sets Move package to another repository Specify and change distribution |
Only in the Software Library. To copy packages or Software Sets you need the right to execute the task for the target, on the source the system right Read is sufficient. To move packages or Software Sets you need the right to execute the task for the target. |
|
Delete Software |
Move and delete packages and Software Sets |
Only in the Software Library. To move packages or Software Sets you need the right to execute the task for the source. |
|
Manage Software Categories |
Add, copy, move, change |
Only in the Software Library. To copy software categories you need the right to execute the task for the target, on the source the system right Read is sufficient. To move software categories you need the right to execute the task for the target. |
|
Delete Software Categories |
Move, delete |
Only in the Software Library. To move software categories you need the right to execute the task for the source. |
|
Manage Software Folders |
Add, copy, move, change |
Only in the Software Library. To copy software folders you need the right to execute the task for the target, on the source the system right Read is sufficient. To move software folders you need the right to execute the task for the target. |
|
Manage Software Folders |
Move, delete |
Only in the Software Library. To move software folders you need the right to execute the task for the source. To delete packages or Software Sets contained in the software folder you need the Delete Software right. |
|
Use Unreleased Software |
Assign packages and Software Sets (in the software library) that are not released to installation targets Change policies Execute pilot installation |
Only in the Software Library. The Manage Policies right has to exist for the installation target. |
|
Manage AutoInsert Rules |
Add, change or delete AutoInsert rules
|
Only in the root object of the Organization Tree and thus only available for the supervisor role. |
| View Management Reports |
Action range limited to the Managed Users & Computers container. |
|
| View Infrastructure Monitoring |
Action range limited to the Managed Users & Computers container. |
|
| Manage Monitoring Definitions |
Action range limited to the Managed Users & Computers container. |
|
|
Execute User-Defined Tasks |
||
| Open Client Logfiles | Right to open client logfiles for read access | |
| Reinstall Computer | Right to reinstall a computer | |
| Edit Installation Targets | Distribution targets can be created and deleted | |
| Prepare Reference Computer | Right to create a system image of a reference computer; part of the Imaging feature | |
| Manage Variables | Create, change, delete variables and variable groups | Only in the root object of the Organization Tree and thus only available for the Supervisor role. |
|
Assign Variable |
Assign variables to objects | |
|
Manage user-defined HTML windows |
Create, change, delete user-defined HTML windows | Only in the root object of the Organization Tree and thus only available for the Supervisor role. |
HEAT Discovery
|
Right |
Explanation, Notes |
|---|---|
|
(Discovery) Start Console |
This task is the fundamental requirement for working with the Discovery Console |
Virtual Environments
|
Right |
Explanation, Notes |
|---|---|
| Run VM Host | Only in the Virtual Environments system container. |
| Manage VM Host | Only in the Virtual Environments system container. |
| Delete VM Host | Only in the Virtual Environments system container. |
Mobile Device Management Integration
|
Right |
Explanation, Notes |
|---|---|
|
Manage Mobile Devices |
In the DSM Console the user interface for the management of mobile devices can be opened. In addition, the details of the mobile devices can be displayed. |