7.6 Device Rights

The Device Rights dialog box lets you control the operations that the selected administrator can perform on devices.

7.6.1 Contexts

Specify the Device folders (contexts) that you want the administrator’s Device rights to apply to. To select a folder, click Add to display the Contexts dialog box, browse for and select the folder (or multiple folders), then click OK. The rights also apply to the folder’s subfolders.

7.6.2 Privileges

The Privileges section lets you grant the selected administrator rights to work with devices, including device groups and folders listed in the Contexts section.

The following rights are available:

RIGHT

OPERATIONS CONTROLLED BY THE RIGHT

NOTES

View Leaf

  • View the contents in the specified context (folder and subfolders)

Setting the View Leaf right to Deny forces all other Device rights to Deny. The View Leaf right must be set to Allow to perform any other device operations.

Modify

  • Retire a device

  • Rename a device

  • Acknowledge device messages

  • Change a device to a test device

  • Change a test device to a non-test device

  • Copy device settings (from the Settings tab) to other devices

  • View and edit a device’s detailed inventory (Detailed Software Hardware Inventory link on the Inventory tab)

To copy device settings, the administrator also needs the Modify Settings right.

Create/Delete

  • Create managed devices by importing device information from a CSV file

  • Create managed devices by manually adding device information

  • Delete a device

  • Move a device

 

Modify Groups

  • Rename a device group

  • Change a device group’s description

To change a device group’s description, an administrator needs this right and the Modify right.

Create/Delete Groups

  • Create a device group

  • Delete a device group

  • Move a device group

Setting the Create/Delete Groups right to Allow forces the Modify Groups right to Allow. This means that an administrator who creates a group also receives rights to modify it.

Modify Group Membership

  • Add devices to a device group

  • Remove devices from a device group

  • Change criteria for a dynamic device group

 

Modify Folders

  • Rename a device folder

  • Change a device folder’s description

 

Create/Delete Folders

  • Create a device folder

  • Delete a device folder

  • Move a device folder

Setting the Create/Delete Folders right to Allow forces the Modify Folders right to Allow. This means that an administrator who creates a folder also receives rights to modify it.

Modify Settings

  • Edit settings on a device’s Settings tab

This right applies to devices and device folders. It does not apply to device groups because device groups do not have a Settings tab.

View Audit Log

  • View a devices’ Audit tab and the events logged to that tab

  • View a device group’s Audit tab and the events logged to that tab

  • View a device folder’s Audit tab and the events logged to that tab

This right does not allow the administrator to view event details. To view event details, the administrator must have the View Audit Event right.

View Audit Events

  • View a device’s Audit tab, the events logged to that tab, and the details for the events

  • View a device group’s Audit tab, the events logged to that tab, and the details for the events

  • View a device folder’s Audit tab, the events logged to that tab, and the details for the events

Setting the View Audit Events right to Allow forces the View Audit Log right to Allow.

Configure Audit Settings

  • Configure which events to audit for a bundle (bundle object > Settings tab > Audit Management > Events Configuration)

  • Configure which events to audit for a bundle group (bundle group object > Settings tab > Audit Management > Events Configuration)

  • Configure which events to audit for a bundle folder (bundle folder object > Settings tab > Audit Management > Events Configuration)

 

Assign Bundles

  • Assign bundles to devices, device groups, and device folders

  • Assign bundle groups to devices, device groups, and device folders

  • Remove bundle assignments from the objects listed above

  • Remove bundle group assignments from the objects listed above

To assign bundles to devices, groups, and folders, an administrator needs this right and the Bundle Rights – Assign Bundles right. In other words, the administrator needs Assign Bundle rights for the bundle and the device to which the bundle is being assigned.

Assign Policies

  • Assign policies to devices, device groups, and device folders

  • Assign policy groups to devices, device groups, and device folders

  • Remove policy assignments from the objects listed above

  • Remove policy group assignments from the objects listed above

To assign policies to devices, groups, and folders, an administrator needs the following rights:

  • Assign Policies (this right)

  • Policy Rights - Assign Policies

  • Policy Rights - Manage Configuration Policies or Policy Rights - Manage Security Policies

In other words, an administrator needs Assign Policy rights for the policy and the device to which the policy is being assigned, and he needs the Manage Configuration Policies or Manage Security Policies right depending on whether the policy is a Configuration or Security policy.

Assign Locations

  • Assign locations and network environments to devices and device folders

  • Assign startup locations and network environments to devices and device folders

This right does not apply to device groups because device groups do not have a Locations tab.

View Detailed Inventory

  • View a devices detailed inventory (Detailed Software/Hardware Inventory link on Inventory tab)

This right controls view-only access. If you want an administrator to be able to edit the detailed inventory, the administrator needs the Modify right.

Manage ERI

  • Download a device’s ERI file

  • View an ERI file’s password

  • Delete an ERI file