7.22 User Rights

The User Rights dialog box lets you control the operations that the selected administrator can perform on users.

7.22.1 Contexts

Specify the User folders (contexts) that you want the administrator’s User rights to apply to. To select a folder, click Add to display the Contexts dialog box, browse for and select the folder (or multiple folders), then click OK. The rights also apply to the folder’s subfolders.

7.22.2 Privileges

The Privileges section lets you grant the selected administrator rights to work with users and folders listed in the Contexts section.

The following rights are available:

RIGHT

OPERATIONS CONTROLLED BY THE RIGHT

NOTES

View Leaf

  • View the contents in the specified context (folder and subfolders)

Setting the View Leaf right to Deny forces all other User rights to Deny. The View Leaf right must be set to Allow to perform any other user operations.

Modify

  • Rename a user container

  • Change a user to a test user

  • Change a test user to a non-test user

 

Modify ZENworks Group Membership

  • Add users to a ZENworks user group

  • Remove users from a ZENworks user group

In addition to this right, an administrator must also have the ZENworks User Group Rights - Modify ZENworks Group Membership right for the ZENworks user group whose membership is being modified.

For example, to add a user to ZENUSERGROUP1, an administrator must have these two rights:

  • Modify ZENworks Group Membership (this right)

  • ZENworks User Group Rights - Modify ZENworks Group Membership right for ZENUSERGROUP1

View Audit Log

  • View a user’s Audit tab and the events logged to that tab

  • View a user group’s Audit tab and the events logged to that tab

  • View a user folder’s Audit tab and the events logged to that tab

In addition to this right, an administrator must have the User Source Rights - View Audit Log right for the user sources containing the target contexts.

This right does not allow the administrator to view event details. To view event details, the administrator must have the View Audit Event right.

View Audit Events

  • View a user’s Audit tab, the events logged to that tab, and the details for the events

  • View a user group’s Audit tab, the events logged to that tab, and the details for the events

  • View a user folder’s Audit tab, the events logged to that tab, and the details for the events

In addition to this right, an administrator must have the User Source Rights - View Audit Event right for the user sources containing the target contexts.

Setting the View Audit Events right to Allow forces the View Audit Log right to Allow.

Wipe Intune App Data

Wipe Intune App Data on devices.

 

Assign Bundles

  • Assign bundles to users, user groups, and user folders

  • Assign bundle groups to users, user groups, and user folders

  • Remove bundle assignments from users, user groups, and user folders

  • Remove bundle group assignments from users, user groups, and user folders

To assign bundles to users, groups, and folders, an administrator needs this right and the Bundle Rights – Assign Bundles right. In other words, the administrator needs Assign Bundles rights for the bundle and the user to which the bundle is being assigned.

Assign Policies

  • Assign policies to users, user groups, and user folders

  • Assign policy groups to users, user groups, and user folders

  • Remove policy assignments from users, user groups, and user folders

  • Remove policy group assignments from users, user groups, and user folders

To assign policies to users, groups, and folders, an administrator needs this right and the Policy Rights – Assign Policies right and the Policy Rights - Manage Configuration Policies or Policy Rights - Manage Security Policies right.

For example, to assign a Security policy to a user, an administrator must have the following three rights:

  • Assign Policies (this right)

  • Policy Rights - Assign Policies

  • Policy Rights - Manage Security Policies