Roles Management
Roles are packaged groups of permissions that allows granting a set of permissions to an administrative user, while limiting their access to control specific areas of functionality. Ivanti Neurons for MDM provides a set of system roles that can be assigned (or edited) and a facility to create custom roles. Starting from Ivanti Neurons for MDM 108 you can search for specific permission based on the category and all the options that are associated with the specific role or permission in the UI are displayed. A tool tip is displayed for the permissions that are added as dependent permissions.
The Roles Management page and the associated options are hidden for converged tenants who have access to both Ivanti Neurons for UEM and Ivanti Neurons for MDM.
There are two kinds of permissions available, and therefore two kinds of roles:
- Space-specific roles - The permissions are Space-specific, and therefore apply in a specific Space only. Examples are Device Management, App Management in a Space.
- Cross-Space roles - The permissions are, by nature, applicable to all roles. Examples are tenant-level settings such as MDM Certificates, App Catalog Settings.
Creating a custom role
You can create a custom cross-Space or Space-specific roles. When you select a permission, the dependent permissions will be selected automatically. Accordingly, a user assigned with a custom role can only perform the specific actions (such as retire, wipe) that are available when the user visits the Devices page or the Device Details page.
When you apply the View User Registration PIN custom role, users can view the PIN of other users that have the same access level or with lesser privileges and the users cannot create PINs for other users.
The newly created custom role can not be assigned to anyone automatically. The tenant super admin needs to assign it to the required admin users who can later assign the same to other users as needed.
Procedure
- Go to Admin > Roles Management.
- Click +Add Custom Role.
- In the Create Role page, enter the Name of the new role.
- (Optional) add a description for the new role.
- Under Role Type, select one of the following role types:
- Cross-Space Role
- Space-Specific Role
- Under Permissions, select the required granular permissions.
- Click Save.
See the following table for Admin and User permissions.
The following table lists the permissions, roles, and attributes you can use to create a custom role:
Role Type |
Permissions Category |
Granular Permissions |
---|---|---|
Cross-Space Role |
||
Admin |
||
|
Manage Custom Attributes |
|
Support Administrators |
|
|
Certificate Authority |
|
|
Connector |
|
|
LDAP Management |
All LDAP permissions in this section require View Connector permission. It will be automatically selected in the Connector section when you select any of these LDAP permissions. |
|
Licensing Management |
View Licenses |
|
|
||
Users |
||
User Management Actions |
|
|
Assign Custom User Attribute |
|
|
User Groups |
|
|
|
Report Management |
|
Devices |
||
Bulk Enrollment |
|
|
Space-Specific Role |
||
Devices |
||
Device Actions |
|
|
Assign Custom Device Attributes |
All Assign Custom Device Attribute permissions in this section require Device Read permission. It will be automatically selected in the Device Actions section when you select any of these Assign Custom Device Attribute permissions. |
|
Device Configurations |
|
|
Device Groups |
|
|
Bulk Enrollment |
|
|
App Inventory |
|
|
Configurations |
||
Configurations |
|
|
Policies |
||
Policies |
|
To edit a role, go to Admin, Roles Management page and click the edit icon under Actions against the name of the role. A user cannot edit a cross-space role to a space-specific role and vice versa.
Related topics:
-
To assign a custom role to a user, see Assigning Roles.
-
See User Roles for a list of default roles.