User Administration User & Role Management

 

Overview

As an administrator, many a time you would have felt mundane routines spill over crucial attention-seeking jobs of your network. Desktop Central answers this concern through its User & Role Management module; delegating routine activities to chosen users with well-defined permission levels. You can easily administer these users that need access to Desktop Central Product web client.

Top

1. Role Management

Some of the most commonly used Roles are specified under Pre-defined Roles. However, you also have the flexibility to define roles that best suit your requirements under the User-defined Roles and grant appropriate permissions.  Here's a brief on the Pre-defined and User-defined roles respectively:

User-defined Role

You can tailor-make any number of roles using Desktop Central and give them permissions of your choice based on your personalized needs. These customized roles fall under the User-defined category. For a better understanding let us quickly see how to create a User-defined Role in the following section.

Defining a new Role

Follow the steps mentioned below to create a new User-defined role:

1. Select the Admin tab and click on User Administration. This opens the User Administration page.
2. Select the Role tab and click the Add Role button.
3. Specify the Role Name and a small description about it in the Define Role Section.
4. You can define module-wise permission level for the Role in the Select Control Section. The permission levels are broadly classified into:
    Full Control - To perform all operations akin to Administrator role, for the specific module
    Read Only - To only view the details in that module
    No Access - To hide the module from the User
5. Click on Add button.


The role you have just created will now be available in the Roles list of the user creation module. Role deletion cannot be performed if that role is associated even with a single User. However you can modify the permission levels for all User-defined roles.

Top

Pre-defined Roles

You will find five roles in the Pre-defined category and these include:

  1. Administrator
  2. Guest
  3. Technician
  4. Auditor
  5. Remote Desktop Viewer
  6. IT Asset Manager
  7. Patch Manager
1. Administrator Role: The Administrator role signifies the Super Admin who exercises full control, on all modules. The operations that are listed under the Admin tab include:

  1.    Defining or modifying Scope of Management
  2.    Adding Inactive Users
  3.    Changing mail server settings
  4.    Changing proxy settings
  5.    Personalizing options like changing themes, setting session expiry, etc.
  6.    Scheduling vulnerability database update
  7.    Scheduling scan settings for Patch Management
  8.    Editing MSI or Script repository
  9.    Viewing Actions Logs of Desktop Central
2. Guest Role: The Guest Role retains the Read Only permission to all modules. A user who is associated to the Guest Role will have the privileges to scan and view various information about different modules, although making changes is strictly prohibited.

3. Technician Role: The Technician Role has a well defined set of permissions to do specific operations. Users under the Technician role are restricted from performing all the operations listed under the Admin tab. The operations that can be performed by users associated with the Technician Role include:

  1.    Can define and deploy all types of configurations and collections.
  2.    Can view all the configurations including those created by other users, reports, etc.
  3.    Can suspend, modify, or re-deploy the configurations defined by them.
  4.    Can update the Vulnerability Database.
  5.    Can perform Scan operations on all modules.

4. Auditor: The Auditor role is specially crafted for Auditing Purposes. This role will help you grant permissions to auditors view the details of software inventory, check for license compliance, etc.

5. Remote Desktop Viewer: The Remote Desktop Viewer Role will allow the users associated with it to Invoke a Remote desktop connection and view details of users who had connected to a particular system.

6. IT Asset Manager: The IT Asset Manager has complete access to the Asset Management module and all the other features are inaccessible.

7. Patch Manager: The Patch Manager role has complete access to the Patch Management module and all the other modules/features are inaccessible.

Top

Privilege Guideline

Action
Read Permission
 Write Permission
Configuration
Create Configuration

  **
Patch Mgmt.
Decline Patches

Automate Patch Deployment

System Health Policy

Install Patch / Service Pack

On Demand Scanning

Software Deployment
Add Package

Network Share

Install / Uninstall Software for Users / Computers

Inventory
Group Software

Manage Licenses

Configure Prohibited Software

Configure E-Mail Alerts

On Demand Scanning

Tools
Add System Tools Task

Schedule Wake on LAN

Immediate Remote Shutdown

Schedule Remote Shutdown

Remote Control
Edit Settings

Remote Desktop Sharing

Reports
Enable User Logon Reports Settings

AD Report - On Demand Synchronization

** Exceptions:

  1. Install Patch / Service Pack Configurations can be defined only if Patch Write permissions are available for both Configuration and Patch modules.
  2. Install / Uninstall Software Configurations can be defined only if Write Permissions are available for both Configuration and Software Deployment modules.
Top

2. User Management

Creating a User and Associating a Role

You can associate a User with a Role while creating a New User. To create a user follow the steps mentioned below:

  1.   Login to Desktop Central client as an Administrator
  2.   Click the User Management link available under the Global Settings category.
  3.   This will list all the users that have been created. By default, it has admin and guest users in Administrator and Technician roles respectively.
  4.   Click the Create New User link.
  5. You have two modes of authenticating users into Desktop Central: From Active Directory or Locally.
    1. When you choose to Authenticate a user via Active Directory, you should select the domain and specify a user of that domain and their role. These users should use their domain Logon Name and Password to login to Desktop Central Client.
    2. When you choose the Local authentication, specify the User Name, Password, and Role
  6. Optionally, you can also specify the Email Address and Phone Number of the user. 
  7. When you have specified the required details, click Create User.
  8. The created user gets added to the User table.

When you opt to authenticate a user via Active Directory, the user should have privileges to login to the domain from the computer where Desktop Central Server is installed.

Modifying User details

Desktop Central offers the flexibility to modify the role of users, to best suit your changing requirements. You can do operations like Changing the User Role and Reset User Password at point of time you feel you should.

Deleting a User

At times when you find a user's contribution obsolete, you can go ahead and delete the user from the User List. The user so removed will no more exercise Module Permissions.

Top
Copyright © 2005-2012, ZOHO Corp. All Rights Reserved.
ManageEngine