Management and Security powered by Landesk

Console rights reference

Console rights provide access to specific Endpoint Manager tools and features. Users must have the necessary rights to perform corresponding tasks. For example, in order to remote control devices in their scope, a user must be part of a group that has the remote control right.

Role-based administration includes the following permissions:

  • Administrator
  • Agent configuration
  • Alerting
  • Basic Web console
  • Content replication
  • Core synchronization
  • Custom data forms
  • Device management
    • Add or delete devices
    • Device monitoring
    • Device power control
    • Manage local users and groups
    • Manage public device groups
    • Unmanaged device discovery
  • Inspector
  • Link management
  • OS provisioning
  • Power management
  • Public query management
  • Refresh scopes
  • Remote control tools
    • Chat
    • Execute programs
    • Reboot
    • Remote control
    • Transfer files
  • Reporting
    • Report designer
    • Reports
  • Security
    • Patch and compliance
    • Security configurations
  • Software distribution
    • Delivery methods
    • Directory management
    • Distribution packages
    • Link management
    • Manage scripts
  • Software license monitoring
  • User administration
  • vPro

See the descriptions below to learn more about each permission and how permissions can be used to create administrative roles.

NOTE: Scope controls access to devices
Keep in mind that when using the features allowed by these permissions, users will always be limited by their scope (the devices they can see and manipulate).

Endpoint Manager Administrator

The Endpoint Manager Administrator permission provides full access to all of the application tools (however, use of these tools is still limited to the devices included in the administrator's scope).

The Endpoint Manager Administrator permission provides users the ability to:

  • Manage users with the Users tool.
  • See and configure product licensing in the Configure menu.
  • Configure Ivanti services.
  • IMPORTANT: Perform ALL of the Endpoint Manager tasks allowed by the other permissions.

Agent configuration

  • No rights: Can’t see the tool.
  • View: Can see this tool and can view anything. Can’t change anything.
  • Edit: Can see and change anything. Can’t deploy an agent configuration job.
  • Deploy: Can see everything. Can’t change anything. Can schedule any agent configuration task that they can see (including public).
  • Edit public: Can assign configurations to public. Can edit public configurations.

Alerting

  • No rights: Can’t see the tool.
  • View: Can see this tool and can view anything. Can’t change anything.
  • Edit: Can see and change anything. Can’t deploy.
  • Deploy: Can see everything. Can’t change anything. Can deploy.

Basic Web console

  • No rights: Can’t log into Web console.
  • View: Not applicable.
  • Edit: Can log into Web console and see the most basic things.
  • Deploy: Not applicable.

Content replication

  • No rights: Can’t see the tool.
  • View: Can see this tool and can view anything. Can’t change anything.
  • Edit: Can see and change anything.
  • Deploy: Not applicable.

Core synchronization

  • No rights: No core synchronization tool. No right-click options to Autosync or Copy to core. Still show import and export options. (These are tied into the "Edit" right for the tool that has these options.)
  • View: Can see the tool, but can't make any changes. Still no synchronization options in context menus as above.
  • Edit: Can do everything. Add/remove target cores, turn components on and off, enable auto sync on instances, and manual sync.
  • Deploy: Not applicable.

Custom data forms

  • No rights: Can’t see the tool.
  • View: Can see this tool and can view anything. Can’t change anything.
  • Edit: Can see and change anything. Can’t deploy.
  • Deploy: Can see everything. Can’t change anything. Can deploy.

Device management

Add / Delete devices
  • No rights:
    • Can’t see the Insert new computer option in the context menu when viewing All devices in the Network view.
    • Can’t see the Delete option in the context menu when selecting a device in the Network view.
    • Can’t see the Network view > Configuration > User added computers tree node.
  • View: Not applicable.
  • Edit:
    • Can see and use the Insert new computer option in the context menu when viewing All devices in the Network view.
    • Can see and use the Delete option in the context menu when selecting a device in the Network view.
    • Can see the Network view > Configuration > User added computers tree node.
  • Deploy: Not applicable.
Device monitoring
  • No rights: Can’t see Device monitoring from the Configure menu.
  • View: Can see the Alerting tool and Logs tool. Can see information in the Device monitoring tool. Can't edit it.
  • Edit: Can see the Alerting tool and Logs tool. Can see and edit information in the Device monitoring tool.
  • Deploy: Not applicable.
Device power control
  • Edit: Can see and use Wake up, Reboot and Shutdown options in the context menu when selecting a device.
Manage local users and groups
  • Edit: Can see and use Manage local users and groups in the context menu when selecting a device.
Manage public device groups
  • No rights: Can’t change anything in Public devices.
  • View: Not applicable.
  • Edit: Not applicable.
  • Deploy: Not applicable.
  • Edit Public: Can create, delete and change device groups in Public devices. Can move a device group into Public devices.
Unmanaged device discovery
  • No rights: Can’t see the UDD tool.
  • View: Can open the UDD tool and view any item. Can’t create/delete/edit anything.
  • Edit: Can open the UDD tool and view any item. Can create/delete/edit anything.
  • Deploy: Can open the UDD tool and view any item. Can’t create/delete/edit anything. Can schedule a UDD task.

Inspector

  • No rights: Can’t see the Inspector tool.
  • View: Can open the Inspector tool and view any item.

OS provisioning

  • No rights: Can’t see the OS provisioning tool.
  • View: Can see the tool. Can’t change anything.
  • Edit: Can create, edit and delete items. Can't schedule tasks.
  • Deploy: Can schedule tasks for items that they can see (including public). Can't create, edit and delete items.
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Power management

  • No rights: Can’t see the Power Management tool.
  • View: Can see the tool. Can’t change anything.
  • Edit: Can create, edit and delete items. Can't schedule tasks.
  • Deploy: Can schedule tasks for items that they can see (including public). Can't create, edit and delete items.
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Public query management

  • No rights: Regular behavior.
  • View: Not applicable.
  • Edit: Not applicable.
  • Deploy: Not applicable.
  • Edit Public: Can move queries to the Public folder. Can create, edit or delete queries in the Public folder.

Refresh scopes

  • No rights: The Network view's Refresh scopes toolbar button doesn't do anything.
  • Edit: The Network view's Refresh scopes toolbar button updates all scopes. Use this when you've added devices to a scope or changed a user's scope and you want that user to see the new scope. Otherwise the scope refresh can wait up to an hour before it occurs automatically.

Remote control tools

Chat
  • Edit: Can see the Remote control > Chat option and can use it. The Chat option is enabled in the Remote control window.
Execute programs
  • Edit: Can see the Remote control > Execute program option and can use it. The Execute program option is enabled in the Remote control window.
Reboot
  • Edit: Can see the Remote control > Reboot option and can use it. The Reboot option is enabled in the Remote control window.
Remote control
  • No rights: Can’t see the Remote control > Remote control option in the context menu.
  • View: Can see the Remote control > Remote control option and can remote control a device. Can’t take control of the device (view only).
  • Edit: Can see the Remote control > Remote control option and can remote control and take control of a device.
  • Deploy: Not applicable.
Transfer files
  • Edit: Can see the Remote control > Transfer files option and can use it. The Transfer files option is enabled in the Remote control window.

Reporting

Report designer
  • No rights: Can't open the designer.
  • View: Not applicable.
  • Edit: Can open the designer and create or edit reports.
  • Deploy: Not applicable.
  • Edit public: Not applicable.
Reports
  • No rights: Can't see the tool.
  • View: Can see this tool and can view reports. Can run reports. Can't change anything.
  • Edit: Can see reports and change report properties. This right alone doesn't allow access to the designer; the Report designer edit right is required to access the designer.
  • Deploy: Can schedule and publish reports.
  • Edit public: Can move reports into the Public group.

Security

Network access control
  • No rights: Can’t see the tool.
  • View: Can see this tool and can view anything (such as the 802.1x configuration). Can’t change anything.
  • Edit: Can see and change anything, including publishing NAC settings.
  • Deploy: Not applicable.
Patch and compliance
  • No rights: Can’t see the tool. Can’t see any scheduled tasks or policies in software distribution that are created from the tool.
  • View: Can see the tool. Can see everything inside. Can't download content, create/edit/delete configurations, or change anything. Access is read-only.
  • Edit: Can see the tool. Can see everything inside. Can edit anything. Can’t schedule anything, including: content downloads, scan jobs, repair jobs, gather history, etc.
  • Deploy: Can see the tool. Can see everything inside. Can't modify anything, but can create a task or policy using the information there for items that they can see (including public).
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.
Security configurations
  • No rights: Can’t see the tool. Can’t see any scheduled tasks or policies in the Scheduled tasks window that are created from this tool.
  • View: Can see this tool and the Security Activities tool. Can look at but not change any configurations or create any tasks.
  • Edit: Can see the tool and the Security Activities tool. Can see everything inside. Can edit anything. Can’t schedule anything.
  • Deploy: Can see the tool and the Security Activities tool. Can see everything inside. Can't modify anything, but can create a task or policy to deploy this to a client or change its configuration for items that they can see (including public).
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Software distribution

Delivery methods
  • View: Can see the tool and everything in it.
  • Edit: Can create/edit/delete methods.
  • Deploy: Not applicable.
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.
Directory management
  • View: Can see the tool and everything in it (assuming someone has authenticated already).
  • Edit: Can authenticate to a new directory and can see everything and can create/edit/delete queries.
  • Deploy: Not applicable.
Distribution packages
  • View: Can see the tool and everything in it.
  • Edit: Can create/edit/delete packages.
  • Deploy:
    • Can deploy a package in the distribution package tool.
    • Can use the Create software distribution task button in the Scheduled tasks tool.
    • Can use the Create custom script task button in the Scheduled tasks tool.
    • This applies to all items that they can see (including public).
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.
Link management
  • No rights: Can’t see the Link management tool.
  • View: Can see the tool. Can’t change anything.
  • Edit: Can create, edit, and delete items. Can't schedule a task/policy.
  • Deploy: Can't create, edit, and delete items. Can schedule a task/policy.
Manage scripts
  • View: Can see this tool and can view anything. Can’t change anything.
  • Edit: Can see and change anything. Can’t schedule a task.
  • Deploy: Can schedule tasks for items that they can see (including Public). Can't create, edit and delete items.
  • Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Software license monitoring

  • No rights: Can’t see the Software license monitoring tool.
  • View: Can see everything. Can’t change anything.
  • Edit: Can see and edit anything.
  • Deploy: Not applicable.

User administration

  • No rights: Can’t see the Users tool.
  • View: Can see everything. Can’t change anything.
  • Edit: Not applicable.
  • Deploy: Not applicable.

vPro

  • No rights: Can't view or change vPro information and settings.
  • View: Not applicable.
  • Edit: Can view and change vPro information and settings.
  • Deploy: Not applicable.

Additional information about scheduled tasks

  • If someone has "Deploy" rights for a tool that uses tasks that can be scheduled, they can see the scheduled task tool.
  • If someone has "Deploy" rights they have rights to modify any part of the type of task that they have "Deploy" rights for (for example, agent configuration, software distribution, Patch, etc.).
  • If someone has "Deploy" rights, they can change only the Target and the Schedule panes of a Public task.
  • If someone has "Deploy" rights and "Edit Public" rights, they can make any changes to Public tasks and can move tasks to and from the Public folder.
  • If someone has "Edit Public" rights but not "Deploy" rights, they can't edit any task of that type, including Public tasks.

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other