Admin Roles

Administrative Roles and Permissions

Content List

Overview

Administrative roles and permissions define user access levels and authority within an organization's systems. Roles determine who can perform administrative tasks, while permissions specify actions users can take on resources, such as reading or modifying. Proper management of these roles ensures secure access control, protects sensitive information, and helps maintain operational efficiency.

Required Access Level

Owner, Administrator, User Manager, Help Desk, Read-Only.

Administrator Page

Administrator Grid

Field	Description
Name	The user’s first and last name
Email	The user's registered email address
Role	The designated access level assigned to the user within the portal
Locked	Indicates the user account access - Locked/ Unlocked
Status	The current status of the account - Active/ Inactive
Last Login Date Time	The most recent date and time the user accessed the system
Action	The ellipsis menu provides edit option

Advanced Search

The advanced search feature enables users to refine and narrow search results by applying multiple filters, making it easier to find specific administrators within a large grid.

Click the ‘expand arrow’ icon next to the Search section to display the advanced search options.
In the advanced search section, enter the First Name, Last Name, Email assigned to an administrator, along with Status and/or Role from the drop-down menu.
Click Apply to filter the results based on the selected fields.
To remove the applied filters, click Clear to erase the selected filters.

Administrative Roles

All administrators have a role. That role defines their activities and view of the portal.

Roles: Owner, Administrator, Application Manager, User Manager, Help Desk, Read-Only.
CRUD: Create, Read, Update, and Delete.
- Create: The admin can add elements and components
- Read: The admin can't add, edit, or delete components; they can only read
- Update: The admin can edit components but can't add or delete them
- Delete: The admin can delete components but can't add or edit them
The matrix below shows admin roles and their permissions on different links in the portal:

Modules	Owner	Administrator	Application Manager	User Manager	Help Desk	Read-Only
Dashboard	R	R	R	R	R	R
Device Management	RU	RU	RU	-	RU	-
Policies	CRUD	CRUD	CRUD	-	R	-
Applications	CRUD	CRUD	CRUD	-	R	-
Users	CRUD	CRUD	-	CRUD	RU	-
Authentication Devices	CU	CU	-	CU	CU	-
Groups	CRUD	CRUD	-	CRUD	RU	-
Administrators	CRUD	CRUD	R	R	R	R
Reports	R	R	-	-	R	R
Settings	U	U	-	-	-	-

Owner

By default, the person who signs up for your company is assigned the role of an Owner. Owners can create more Owner roles with the same authorizations as their own.

Module	Permissions
Dashboard	R
Device Management
Mobile Devices	RU
Windows Management	RU
Policies	CRUD
Applications	CRUD
Users	CRUD
Authentication Devices	CU
Groups	CRUD
Administrators	CRUD
Reports	R
Settings	U

An Owner can create another Owner retaining the same permissions as their own.
A single account/company can have multiple Owners.
An Owner can edit the following details:
- First Name
- Last Name
- Email Address
- Phone Number: Update and Delete
- Authentication Factors: Enroll and Deactivate

Administrator

An Administrator and an Owner have the same rights in the portal, with Administrators having control over all settings.

Module	Permissions
Dashboard	R
Device Management
Mobile Devices	U
Windows Management	R
Policies	CRUD
Applications	CRUD
Users	CRUD
Groups	CRUD
Administrators	CRUD
Reports	R
Settings	U

Administrators can edit the following details:
- First Name
- Last Name
- Email Address
- Phone Number: Update and Delete
- Authentication Factors: Enroll and Deactivate

Application Manager

Application Managers have control only over the following links in the portal:

Module	Permissions
Dashboard	R
Device Management
Mobile Devices	RU
Windows Management	RU
Policies	CRUD
Applications	CRUD
Administrators	R

The Application Manager cannot view any other links.
In the Administrator Link, an Application Manager can only view their page.
On an Application Manager’s page, they can view their details, including Name, Email, Phone Number, Role, and Phones.
The Application Manager can enroll and deactivate their own Biometrics.

User Manager

User Managers have control over the following links in the portal. They cannot view any links other than these.

Module	Permissions
Dashboard	R
Users	CRUD
Authentication Devices	CU
Groups	CRUD
Administrators	R

In the Administrator Link, the User Manager can only view their page.
On the User Manager’s page, they can view their details, such as Name, Email, Phone Number, Role, and Phones.
The User Manager can enroll and deactivate their own Biometrics.

Help Desk

Help Desk has control only over the following links in the portal. Help Desk cannot view any other links than these.

Module	Permissions
Dashboard	R
Device Management	RU
Policies	R
Applications	R
Users	RU
Authentication Devices	CU
Groups	RU
Administrators	R
Reports	R

Users Grid

Help Desk cannot add new users, so the Add User button is removed from this page.

User Edit Page

Help Desk cannot deactivate user accounts.
Help Desk cannot delete a user's phone number.
Help Desk can edit user names, add username aliases, and save changes.

Group Grid Page

The help Desk cannot add new groups, so the Add Group button has been removed from this page.

Group Edit Page

The help Desk cannot change the status of a group, so this option has been removed.
Help Desk can edit the group name, description, and save changes.
Help Desk cannot add users to groups.
Help Desk can view users assigned to groups.

Read-Only

Read-only access allows control only over the following links in the portal; users with this access cannot view any other links.

Module	Permissions
Dashboard	R
Administrators	R
Reports	R
Settings	R

On the Settings page, all fields are static and cannot be edited.