DeviceExpert Home | Online Demo

Role-based User Access Control

Contents

Overview

DeviceExpert deals with the sensitive configuration files of devices and in a multi-member work environment, it becomes necessary to restrict access to sensitive information. Fine-grained access restrictions are critical for the secure usage of the product. DeviceExpert provides role-based access control to achieve this.  

 

DeviceExpert comes with three pre-defined access levels:

 

Access Level (Role)

Definition

Administrator

With all privileges to access, edit and push configuration of all devices. Only administrator can add devices to the inventory, add users, assign roles and assign devices. In addition, administrator can approve or reject requests pertaining to configuration upload (pushing configuration) by operators.

Power User

With privileges to access, edit and push configuration of specified devices. Can approve or reject requests pertaining to configuration upload (pushing configuration) by operators.

Operator

With privileges to access and edit configuration of specified devices. Can send requests for configuration upload (pushing configuration) to Administrators/Power Users.

 

This section explains how to create users and assign roles for them.

User Management

User Management Operations such as adding new users and assigning them roles, editing the existing users and deleting the user could be performed only by the Administrators. Other three types of users do not have this privilege.

 

Administrators can create as many users as required and define appropriate roles for the user. From Admin >> General Settings >> User Management, administrators can

 

    1. View all the existing users

    2. Create new users

    3. Change the access level, device list of existing users

    4. Delete an existing user

 

To view the existing list of users

 

 

Note: The default login name and password  for fresh DeviceExpert installation is 'admin' and 'admin' respectively. The default email ID has been configured as admin@manageengine.com. After logging in to the DeviceExpert, change the email ID for admin user. Otherwise, when you invoke 'forgot password' email would be sent to admin@manageengine.com.

 

Adding New Users

To Add New Users

 

 

To Edit existing Users

 

    1. Go to Admin >> General Settings >> User Management

    2. In the UI that opens, click the edit icon present against the respective username

    3. Change the Email-id, access level and device list of the user as desired and Click "Update"
       

To Delete existing Users

 

    1. Go to Admin >> General Settings >> User Management

    2. In the UI that opens, click the delete icon present against the respective username. The user will be removed from DeviceExpert once and for all

Privileges for Configuration and other Operations

The following table explains the privileges associated with each access level for performing various device configuration operations:

 

 

Access Level

Configuration & Other Operations

Device Addition

Upload (Pushing configuration into the device)

Authority for approving various requests

Compliance

Admin Operations

User Management

Administrator

(create, associate compliance policies)

 

Power User


(only for authorized devices)

(can approve only the requests made by a pre-determined list of user, that too on the allotted devices )


 


(all admin operations except database administration, export configuration & disaster recovery)

Operator


(only for authorized devices, subject to approval by administrator / Power User)

 

Approving Configuration Upload Requests

Only Administrators have the absolute privilege to perform all configuration operations. Other users in the hierarchy have restricted privileges.  

 

Any operation that involves pushing configuration into the device (upload) requires the approval of Administrators/ designated Power Users. When operators perform any such upload operation, a request is filed for the approval by the Administrators or designated Power Users. Email notification regarding the request is also sent to the designated Administrators and Power Users. The request would be evaluated by the Administrators/designated Power Users and they have the privilege to approve or reject the request. If the request is approved, the upload operation requested by the user gets executed.

 

Note: Power Users will be able to approve only those requests that are related to the changes on the devices that are already allotted. They will not be allowed to approve requests pertaining to other devices.

To approve/reject a request,

 

 

[Operators can view the status of their request by following the above procedure].

 

 

Note:

 

  1. When Administrators approve a upload that is scheduled to be executed at periodic intervals, the following will be the behaviour:

    Once approved, the upload schedule will not be sent for re-approval during the subsequent executions. For example, consider that a schedule has been created by an operator to upload configuration at a periodic interval of one hour. In this case, the schedule would be submitted for approval only once. If the administrator approves it, it will get executed every hour. From the second schedule onwards, it will not be sent for approval each time.
     

  2. In case, the Administrator/Power User rejects an upload request based on a Schedule, the respective request will be deleted from the database.

 

 

 


© 2005-2007, ZOHO Corp. All Rights Reserved.