Explanation of Role Based Administration (RBA) rights

Version 4

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    Explanation of Role Based Administration (RBA) rights

     

     

     

    Management Suite Administrator
    The Management Suite Administrator permission provides full access to all of the application tools (however, use of these tools is still limited to the devices included in the administrator's scope).

     

    The Management Suite Administrator permission provides users the ability to:

     

    Manage users with the Users tool.
    See and configure product licensing in the Configure menu.
    Configure LANDesk services.
    Important: Perform ALL of the Management Suite tasks allowed by the other permissions.

     


    Agent configuration

     

    No rights: Can’t see the tool.
    View: Can see this tool and can view anything. Can’t change anything.
    Edit: Can see and change anything. Can’t deploy an agent configuration job.
    Deploy: Can see everything. Can’t change anything. Can schedule any agent configuration task that they can see (including public).
    Edit public: Can assign configurations to public. Can edit public configurations.

     


    Alerting

     

    No rights: Can’t see the tool.
    View: Can see this tool and can view anything. Can’t change anything.
    Edit: Can see and change anything. Can’t deploy.
    Deploy: Can see everything. Can’t change anything. Can deploy.

     


    Basic Web console

     

    No rights: Can’t log into Web console.
    View: Not applicable.
    Edit: Can log into Web console and see the most basic things.
    Deploy: Not applicable.

     


    Core synchronization

     

    No rights: No core synchronzation tool. No right-click options to Autosync or Copy to core. Still show import and export options. (These are tied into the "Edit" right for the tool that has these options.)
    View: Can see the tool, but can't make any changes. Still no synchronization options in context menus as above.
    Edit: Can do everything. Add/remove target cores, turn components on and off, enable auto sync on instances, and manual sync.
    Deploy: Not applicable.

     


    Custom data forms

     

    No rights: Can’t see the tool.
    View: Can see this tool and can view anything. Can’t change anything.
    Edit: Can see and change anything. Can’t deploy.
    Deploy: Can see everything. Can’t change anything. Can deploy.

     


    Device management

     

    Add / Delete devices

     

    No rights: Can’t see the Insert new computer option in the context menu when viewing All devices in the Network view. Can’t see the Delete option in the context menu when selecting a device in the Network view. Can’t see the Network view > Configuration > User added computers tree node.
    View: Not applicable.
    Edit: Can see and use the Insert new computer option in the context menu when viewing All devices in the Network view. Can see and use the Delete option in the context menu when selecting a device in the Network view. Can see the Network view > Configuration > User added computers tree node.
    Deploy: Not applicable.

     

    Manage public device groups
    No rights: Can’t change anything in Public devices.
    View: Not applicable.
    Edit: Not applicable.
    Deploy: Not applicable.
    Edit Public: Can create, delete and change device groups in Public devices. Can move a device group into Public devices.

     


    Unmanaged device discovery

     

    No rights: Can’t see the UDD tool.
    View: Can open the UDD tool and view any item. Can’t create/delete/edit anything.
    Edit: Can open the UDD tool and view any item. Can create/delete/edit anything.
    Deploy: Can open the UDD tool and view any item. Can’t create/delete/edit anything. Can schedule a UDD task.

     


    Device monitoring

     

    No rights: Can’t see Device monitoring from the Configure menu.
    View: Can see the Alerting tool and Logs tool. Can see information in the Device monitoring tool. Can't edit it.
    Edit: Can see the Alerting tool and Logs tool. Can see and edit information in the Device monitoring tool.
    Deploy: Not applicable.

     


    Wake/Reboot/Shutdown

     

    Edit: Can see and use Wake up, Reboot and Shutdown options in the context menu when selecting a device. Manage local users and groups
    Edit: Can see and use Manage local users and groups in the context menu when selecting a device.

     


    Manage local users and groups

     

    Edit: Can see and use Manage local users and groups in the context menu when selecting a device.

     


    Handheld

     

    No rights: Can’t see the handheld tools.
    View: Can see the handheld tools. Can’t change anything.
    Edit: Can create, edit and delete items. Can't schedule a job.
    Deploy: Can't create, edit and delete items. Can schedule a job. Can use the Handheld task button in the Scheduled tasks tool.

     


    Launchpad

     

    No rights: Can’t see the Launchpad tool.
    View: Can see the tool. Can’t change anything.
    Edit: Can create, edit, and delete items. Can't schedule a task/policy.
    Deploy: Can't create, edit, and delete items. Can schedule a task/policy.

     


    OS Deployment / Provisioning

     

    No rights: Can’t see the OS Deployment tool.
    View: Can see the tool. Can’t change anything.
    Edit: Can create, edit and delete items. Can't schedule tasks.
    Deploy: Can schedule tasks for items that they can see (including public). Can't create, edit and delete items.
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

     


    Power management

     

    No rights: Can’t see the Power Management tool.
    View: Can see the tool. Can’t change anything.
    Edit: Can create, edit and delete items. Can't schedule tasks.
    Deploy: Can schedule tasks for items that they can see (including public). Can't create, edit or delete items.
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

     


    Public query management

     

    No rights: Regular behavior.
    View: Not applicable.
    Edit: Not applicable.
    Deploy: Not applicable.
    Edit Public: Can move queries to the Public folder. Can create, edit or delete queries in the Public folder.

     


    Refresh scopes

     

    No rights: The Network view's Refresh scopes toolbar button doesn't do anything.
    Edit: The Network view's Refresh scopes toolbar button updates all scopes. Use this when you've added devices to a scope or changed a user's scope and you want that user to see the new scope. Otherwise the scope refresh can wait up to an hour before it occurs automatically.

     


    Remote control tools

     

    Remote control

     

    No rights: Can’t see the Remote control > Remote control option in the context menu.
    View: Can see the Remote control > Remote control option and can remote control a device. Can’t take control of the device (view only).
    Edit: Can see the Remote control > Remote control option and can remote control and take control of a device.
    Deploy: Not applicable.

     


    Execute programs

     

    Edit: Can see the Remote control > Execute program option and can use it. The Execute program option is enabled in the Remote control window.

     


    Transfer files

     

    Edit: Can see the Remote control > Transfer files option and can use it. The Transfer files option is enabled in the Remote control window.

     


    Chat

     

    Edit: Can see the Remote control > Chat option and can use it. The Chat option is enabled in the Remote control window.

     


    Reboot

     

    Edit: Can see the Remote control > Reboot option and can use it. The Reboot option is enabled in the Remote control window.

     


    Security

     

    Patch and compliance

     

    No rights: Can’t see the tool. Can’t see any scheduled tasks or policies in software distribution that are created from the tool.
    View: Can see the tool. Can see everything inside. Can't download content, create/edit/delete configurations, or change anything. It is read-only.
    Edit: Can see the tool. Can see everything inside. Can edit anything. Can’t schedule anything, including: content downloads, scan jobs, repair jobs, gather history, etc.
    Deploy: Can see the tool. Can see everything inside. Can't modify anything, but can create a task or policy using the information there for items that they can see (including public).
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder. Edit public repair tasks require all view, edit, deploy and public edit rights for patch and compliance.

     

     


    Security configurations

     

    No rights: Can’t see the tool. Can’t see any scheduled tasks or policies in the Scheduledtasks window that are created from this tool.
    View: Can see this tool and the Security Activities tool. Can look at but not change any configurations or create any tasks.
    Edit: Can see the tool and the Security Activities tool. Can see everything inside. Can edit anything. Can’t schedule anything.
    Deploy: Can see the tool and the Security Activities tool. Can see everything inside. Can't modify anything, but can create a task or policy to deploy this to a client or change its configuration for items that they can see (including public).
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

     


    Network access control

     

    No rights: Can’t see the tool.
    View: Can see this tool and can view anything (such as the 802.1x configuration). Can’t change anything.
    Edit: Can see and change anything, including publishing NAC settings.
    Deploy: Not applicable.

     


    Software distribution

     

    Delivery methods

     

    View: Can see the tool and everything in it.
    Edit: Can create/edit/delete methods.
    Deploy: Not applicable
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

     


    Distribution packages

     

    View: Can see the tool and everything in it.
    Edit: Can create/edit/delete packages.
    Deploy: Can deploy a package in the distribution package tool. Can use the Create software distribution task button in the Scheduled tasks tool. Can use the Create custom script task button in the Scheduled tasks tool. This applies to all items that they can see (including public).
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

     


    Directory manager

     

    View: Can see the tool and everything in it (assuming someone has authenticated already).
    Edit: Can authenticate to a new directory and can see everything and can create/edit/delete queries.
    Deploy: Not applicable.

     


    Manage scripts

     

    View: Can see this tool and can view anything. Can’t change anything.
    Edit: Can see and change anything. Can’t schedule a task.
    Deploy: Can schedule tasks for items that they can see (including Public). Can't create, edit and delete items.
    Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

     


    Scheduled tasks

     

    If someone has "Deploy" rights for any of the tools listed below, they can see the scheduled task tool.

     

    If someone has "Deploy" rights they have rights to modify any part of the type of task that they have "Deploy" rights for (for example, agent configuration, software distribution, Patch, etc.).

     

    If someone has "Deploy" rights, they can change only the Target and the Schedule panes of a Public task.

     

    If someone has "Deploy" rights and "Edit Public" rights, they can make any changes to Public tasks and can move tasks to and from the Public folder.

     

    If someone has "Edit Public" rights but not "Deploy" rights, they can't edit any task of that type, including Public tasks.

     


    Software license monitoring

     

    No rights: Can’t see the Software license monitoring tool.
    View: Can see everything. Can’t change anything.
    Edit: Can see and edit anything.
    Deploy: Not applicable.

     


    User Administration

     

    No rights: Can’t see the Users tool.
    View: Can see everything. Can’t change anything.
    Edit: Not applicable.
    Deploy: Not applicable.

     


    I would also lean on the following information article if you have additional questions:

     

    LANDesk Help Center - Welcome to the user management tool

    Role-based administration overview