Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version 3

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Follow the instructions below to configure the role permissions:

  1. Sign in to the EMM console and click the menu icon.
  2. Click Role Management.
  3. Click Edit Permissions on the role you wish to configure.

  4. Select or remove the permissions as required. 
    As the permissions are categorized, when the main permission category is selected, all its sub-permissions will get selected automatically. 

    Note

    If you are defining the permission for an administrator, make sure to select admin-device-access .

  5. click Update Role Permissions.

...

Excerpt

 The following section describes the permission associated with the APIs under different areas:
 

Localtabgroup
Localtab
titleAndroid

Permissions related to the Android platform

The following section describes the permissions associated with the APIs:

Permission

Description

device-mgt/android/devices/enroll

Permission to access the device enrollment API.

device-mgt/android/devices/list

Permission to access the get all devices API.

device-mgt/android/devices/update

Permission to access the device information update API.

device-mgt/android/devices/update-app

Permission to access the device application list update API.

device-mgt/android/devices/view

Permission to access the get device API.

device-mgt/android/license/view

Permission to access the get android license API.

device-mgt/android/operations/{OPERATION_NAME}

There are several permissions that have the same format. Each one of those permissions represents a permission required to access a API related to Android device operations.

Example: device-mgt/android/operations/lock permission governs the access to lock the operation API.

device-mgt/android/operations/poll

Permission to access the get pending-operations API.

device-mgt/android/policies/view

Permission to access the get effective policy & features API.

device-mgt/android/tenant/configuration/view

Permission to access the get android configuration API.

device-mgt/android/tenant/configuration/modify

Permission to access the add/update android configuration APIs.

Localtab
titleiOS

Permissions related to the iOS platform

The following section describes the permissions associated with the APIs:

PermissionDescription
/device-mgt/ios-enrollment/licensePermission required to access retrieve the iOS license API.
/device-mgt/ios/operation/updateoperationPermission required to access the update operation API.
/device-mgt/ios/operation/cellularPermission required to access the cellular operation adding API.
/device-mgt/ios/operation/apnPermission required to access the APN operation adding API.
/device-mgt/ios/operation/ldapPermission required to access the LDAP operation adding API.
/device-mgt/ios/operation/emailPermission required to access email operation adding API.
/device-mgt/ios/operation/enterpriseapplicationPermission required to access the enterprise application operation adding API.
/device-mgt/ios/operation/storeapplicationPermission required to access the store application operation adding API.
/device-mgt/ios/operation/removeapplicationPermission required to access the remove application operation adding API.
/device-mgt/ios/operation/applicationlistPermission required to access the application list operation adding API.
/device-mgt/ios/operation/profilelistPermission required to access the profile list operation adding API.
/device-mgt/ios/operation/lockPermission required to access the lock operation adding API.
/device-mgt/ios/operation/enterprisewipePermission required to access the enterprise wipe operation adding API.
/device-mgt/ios/operation/deviceinfoPermission required to access the device info operation adding API.
/device-mgt/ios/operation/restrictionPermission required to access the restriction operation adding API.
/device-mgt/ios/operation/wifiPermission required to access the WiFi operation adding API.
/device-mgt/ios/operation/alarmPermission required to access the alarm operation adding API.
/device-mgt/ios/operation/locationPermission required to access the location operation adding API.
/device-mgt/ios/operation/airplayPermission required to access the airplay operation adding API.
/device-mgt/ios/operation/caldavPermission required to access the CalDav operation adding API.
/device-mgt/ios/operation/calsubscriptionPermission required to access the calendar subscription operation adding API.
/device-mgt/ios/operation/passcodepolicyPermission required to access the passcode policy operation adding API.
/device-mgt/ios/operation/webclipPermission required to access the webclip operation adding API.
/device-mgt/ios/operation/vpnPermission required to access the VPN operation adding API.
/device-mgt/ios/operation/perappvpnPermission required to access the per app VPN operation adding API.
/device-mgt/ios/operation/apptoperappvpnmappingPermission required to access the app to per app VPN mapping operation adding API.
/device-mgt/ios/operation/applockPermission required to access the app lock operation adding API.
/device-mgt/ios/operation/clearpasscodePermission required to access the clear passcode operation adding API.
/device-mgt/ios/operation/messagePermission required to access the message operation adding API.
/device-mgt/ios/operation/removeprofilePermission required to access the remove profile operation adding API.
/device-mgt/ios/operation/installedrestrictionsPermission required to access the installed restrictions operation adding API.
/device-mgt/ios/configurationPermission required to access the configuration operation adding API.
/device-mgt/ios/configurationPermission required to access the configuration get operation API.
/device-mgt/ios/configurationPermission required to access the configuration update operation API.
/device-mgt/ios/device/infoPermission required to access the get device info API.
/device-mgt/ios/device/pushtokenPermission required to access the update APNS token API.
/device-mgt/ios/device/locationPermission required to access the update location operation API.
/device-mgt/ios/device/udidPermission required to access the operation adding API.
/device-mgt/ios/device/applicationsPermission required to access the get application list API.
Localtab
titleWindows

Permissions related to the Windows platform

The following section describes the permissions associated with the APIs:

Permission

Description

device-mgt/windows/devices/getBST

Permission to access the get BST API.

device-mgt/windows/devices/getPolicy

Permission to access the get CSR policy API.

device-mgt/windows/devices/requestSecurityToken

Permission to access the provide CSR API.

device-mgt/windows/operations/{OPERATION_NAME}

There are several permissions adhering to this format. Each one of those permissions represents a permission required to access a API related to windows device operations.

Example: device-mgt/windows/operations/lock permission will govern the access to lock the operation API.

device-mgt/windows/policies/view

Permission to access the get effective policy & features API.

device-mgt/windows/license/view

Permission to access the get windows license API.

device-mgt/windows/tenant/configuration/view

Permission to access the get windows configuration API.

device-mgt/windows/tenant/configuration/modify

Permission to access the add/update windows configuration APIs.

Localtab
titleEMM admin

Permissions related to the EMM Admin

The following section describes the permissions associated with the APIs:

  

admin-device-access

Allows user to perform operations and configure policies for any device.

device-mgt/devices/count

Permission to access the device count API.

device-mgt/devices/list

Permission to access the get all devices API.

device-mgt/devices/types

Permission to access the get all device types API.

device-mgt/devices/view

Permission to access and retrieve device information from the APIs.

device-mgt/features/view

Permission to access and retrieve device features from the APIs.

device-mgt/notifications/view

Permission to access the get all notifications API.

device-mgt/notifications/add

Permission to access the add notification API.

device-mgt/operations/view

Permission to access the get all operations API.

device-mgt/operations/add

Permission to access the add operation API.

device-mgt/operations/application/view

Permission to access the get applications of the device API.

device-mgt/operations/application/install

Permission to access the add application-install operation API.

device-mgt/operations/application/uninstall

Permission to access the add application-uninstall operation API.

device-mgt/policies/view

Permission to access and retrieve policy information from the APIs.

device-mgt/policies/add

Permission to access the APIs related to add policy.

device-mgt/policies/delete

Permission to access the delete policy API.

device-mgt/policies/update

Permission to access theAPIs related to update policies.

device-mgt/policies/bulk-remove

Permission to access the bulk-policy delete API.

device-mgt/policies/compliance

Permission to access the policy-complaince API.

device-mgt/policies/task

Permission to access the APIs related to policy task service (start/update/stop task).

device-mgt/profiles/add

Permission to access the add profile API.

device-mgt/profiles/delete

Permission to access the delete profile API.

device-mgt/profiles/update

Permission to access the modify profile API.

device-mgt/roles/add

Permission to access the add role API.

device-mgt/roles/delete

Permission to access the delete role API.

device-mgt/roles/update

Permission to access the modify role API.

device-mgt/users/view

Permission to access the get user details API.

device-mgt/users/add

Permission to access the add user API.

device-mgt/users/delete

Permission to access the delete user API.

device-mgt/users/update

Permission to access the modify user API.

device-mgt/users/devices

Permission to access the get user devices API.

device-mgt/users/invite

Permission to access the invite user API.

device-mgt/users/reset-password

Permission to access the reset user password API.

device-mgt/users/roles

Permission to access the get user roles API.

device-mgt/tenant/configuration/view

Permission to access the get general configuration API.

device-mgt/tenant/configuration/modify

Permission to access the update general configuration API.

Localtab
titleOther

Other permissions

The following section describes the permissions associated other functions:

  

device-mgt/Device Management Admin/*

Defines the permission to access the UI.

login

Enables users to login.