This documentation is for WSO2 Enterprise Mobility Manager version 1.0.0. View documentation for the latest release.

Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Current »

Administrators can use MAM roles to group users together, so that policies can be assigned to a group of users easily. In addition, administrators can edit and delete existing roles, which have been created manually. Initially, the super tenant administrator will have to create users and assign the users to the "mamadmin" role. Thereafter, the tenant administrators will be able to manage the MAM users and roles. 

Default user roles

The following are the roles that are available by default in MAM:

EMM stores all MAM specific roles internally in the DB, which is shipped with EMM.

The super tenant administrator and tenant administrator have to initially log in to the Publisher to get the "Internal/publisher" and "Internal/reviewer" roles. Thereafter, only will the administrators be able to assign these roles to their tenants.

  • administrator - Role assigned to the super tenant administrator by default.
  • mdmadmin - Role assigned to the MAM administrator. This administrator will have full control over the MAM related interfaces with the exception of being able to create,edit or delete MAM administrators.
  • Internal/publisher - users in this role will be allowed to create new mobile apps (i.e., the author of a mobile app belong to this role).
  • Internal/reviewer - users in this role are considered as the store reviewers. Every mobile app needs to be reviewed by a user in this role, before the mobile app is published by the admin into the Store.
  • Internal/store - users in this role will be allowed to access the store and interact with the store mobile apps.
  • private_{username} - users’ private role. Every user in the MAM are automatically associated with a role that is created by prefixing their username with private_ . This role is used to control per user permissions.
  • Internal/everyone - This is a system reserved role to create system operations. 

    If you wish to prevent external operations being carried out by the Internal/everyone role, revoke operations from the role.

Permissions associated with user roles

User roleAllows Actions
AdministratorThe super tenant administrator belongs to this role. By default, a super tenant administrator will have full control on all the MAM related consoles.
mdmadminBy default, no permissions will be assigned to this feature. The super tenant administrator has to assign users to this role.
Internal/publisher
  • Log in to the Publisher and Store.
  • Create mobile apps.
  • Submit mobile apps to be reviewed.
  • Publish approved mobile apps.
  • Unpublish mobile apps.
  • Deprecate published mobile apps.
  • Retire deprecated mobile apps.
  • Deprecate unpublished assets.
Internal/reviewer
  • Log in to the Publisher.
  • Approve or reject mobile apps that have been submitted to be reviewed.
Internal/store
  • Log in to the Store.
  • Bookmark apps
  • Install apps.

private_{username}

By default, only the login permission to the Store and Publisher are assigned to this role. However, if there are permissions that need to be allowed to specific users, they can be assigned using this role. Administrators need to replace {username} with the respective user's username.

Creating a role

Follow the instructions below to create a role:

  1. On the Configurations tab in the MAM Console, click Roles.
  2. Click Add Role.
     
  3. Enter a name for the role.
  4. Optionally, select the users to be assigned to this role. The selected users appear in the right-hand list.
    • If you wish to filter the user list beforehand, enter the filter word in the filter text-box (e.g., if you enter "am", only the users who have the word "am" in their names are shown).
    • If you wish to specifically select a user, click on the user's name in the left-hand list.
    • If you wish to add all the displayed users to the selected list, click → →
    • If you wish to remove a user from the selected list, click on the user's name in the right-hand list.
    • If you wish to remove all the selected users, click ← ←
  5. Click Add.

Adding users to a role

Users who have been assigned to the "mamadmin" role, can not be assigned to any other user role.

Follow the instructions below to add users to a role:

  1. On the Configurations tab in the MAM Console, click Roles.
  2. Search for the role and click Assign Users in the Action column.
  3. Optionally, select the users to be assigned to this role. The selected users appear in the right-hand list.
    • If you wish to filter the user list beforehand, enter the filter word in the filter text-box (e.g., if you enter "am", only the users who have the word "am" in their names are shown).
    • If you wish to specifically select a user, click on the user's name in the left-hand list.
    • If you wish to add all the displayed users to the selected list, click → →
    • If you wish to remove a user from the selected list, click on the user's name in the right-hand list.
    • If you wish to remove all the selected users, click ← ←
  4. Click Assign. After the users are assigned to the role, the policies associated with the role will be enforced on the end-users devices.

Inviting users in a role

Follow the instructions below to invite all the users in a role, to register with the MDM:

  1. On the Configurations  tab in the MAM Console, click Roles.
  2. Search for the role and click Invite in the Action column. 
  3. Click OK to confirm the invitation process. The users who have been added to this role will receive an email inviting them to register with MDM.

Removing a role

Follow the instructions below to remove a role:

  1. On the Configurations tab in the MAM Console, click Roles.
  2. Search for the role and click Remove in the Action column. 
  3. Click OK to confirm the role removal process.
  • No labels