# Role-Based Access Controls for BitLocker Management In large organizations, managing BitLocker encryption requires strict access controls to prevent unauthorized modifications while ensuring smooth operations. Role-based access control (RBAC) allows IT teams to delegate encryption management securely, ensuring only designated technicians handle BitLocker configurations and recovery key management. ## Assigning Technician Access Endpoint Central provides granular access control, enabling organizations to separate BitLocker encryption configuration from recovery key access. This ensures that encryption policies are managed securely while recovery keys are accessible only to authorized personnel. To assign separate technical access, follow these steps: 1. Navigate to **Admin → Users** under **User Administration** in the web console. 2. Click ‘Add User’ and assign the role ‘BitLocker Manager’ to grant access to BitLocker encryption settings. ![BitLocker Technician Access](https://www.manageengine.com/products/desktop-central/help/images/blm-rbac.png) 3. Restrict recovery key access by configuring permissions under the **Role** tab to ensure only specific users can retrieve recovery keys as the steps given below. ## Assigning Technician Role To create a custom role with specific BitLocker access, follow these steps: 1. Navigate to **Admin → Role** under **User Administration** in the web console. 2. Click ‘Add Role’ and customize access permissions for the role. 3. For BitLocker configuration access only, select ‘Full Control’ against **BitLocker Management (All features)** and unselect ‘Full Control’ against **BitLocker Management (Recovery Key)** to restrict recovery key access. ![BitLocker Roles](https://www.manageengine.com/products/desktop-central/help/images/blm-rbac-1.png) 4. For recovery key access only, select ‘Full Control’ only for **BitLocker Management (Recovery Key)** while leaving other BitLocker permissions unchecked. ![BitLocker Roles](https://www.manageengine.com/products/desktop-central/help/images/blm-rbac-2.png)