Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

By default, EMM includes a set of roles. These default roles and permissions have been explained in the following subsections.

...

The following are the roles that are available by default in EMM:

  • administrator - Role assigned to the super tenant administrator by default.

    Info

    If you are defining the permissions for an EMM administrator who needs to perform operations and configure policies, make sure to select admin-device-access. The admin-device-access permission allows the user to perform operations and configure policies for devices.

    Expand
    titleClick here fore more information on adding a new administrator role.

     If you wish to create a user with administrative permission other than the default administrator in EMM, follow the steps given below:

    1. Add a new a role.
    2. Configure role permissions by giving the respective user the permission for admin-device-access specifically.
  • Internal/everyone - This is a system reserved role to create system operations. 

    Info

    Roles with internal/ depict the internal roles that are stored in the DB that is shipped with EMM. If you wish to prevent external operations being carried out by the Internal/everyone role, revoke operations from the role.

Note

It must be noted that all roles starting with Application/ are created for Service Providers (i.e., Application/admin_emm). These roles only have permission to subscribe to the respective Service-provider application. Therefore make sure not to assign users to the roles starting with Application/.

 

Permissions associated with user roles

...