Administrative Roles

Administrative Roles determine which objects a user of the Console is allowed to see and to manage. This enables delegation of control over the IvantiWorkspace Control site.

Each Administrative Role is defined by the following aspects:

  • Its permissions determine which nodes and objects are shown in the Console, and whether they can be viewed or edited.

  • Can edit objects in the Console for the users and Workspace Control Containers set in Scope Control. This is based on the Access Control and Workspace Control set on those objects.

  • The Access Control and Workspace Control sets the users who gain the Administrative Role, including location and time period, only if they belong to specific Workspace Containers.

  • Administrative Roles can also be selected as part of Access Control on applications and settings. This allows you to use Administrative Roles to create custom groups of users, independent of the groups available in the available Directory Services. Remember to use a very restricted set of permissions for Administrative Roles used in this way.
  • You can achieve more granular delegation of control by assigning different permission levels to a node’s list of objects and its settings for Administrative Roles. For example, a role can have "modify" rights to the Printers tab, but read-only access to the Settings tab and exception tabs for Printers. When upgrading Workspace Control, the same permissions will be applied to both tabs that were assigned to the whole feature, i.e. if Printers had "Read" rights, both tabs will get "Read" rights. When downgrading Workspace Control, the lowest rights will be applied, i.e. if the Printers tab had "Modify" rights and the Settings tab "Read", "Read" rights will be applied to both tabs.