As an administrator, many a time you would have felt mundane routines spill over crucial attention-seeking jobs of your network. Device Control Plus answers this concern through its User & Role Management module; delegating routine activities to chosen users with well-defined permission levels. You can easily administer the users, and define their scope to manage a specific set of computers.
Some of the most commonly used roles are specified under Pre-defined Roles. However, you also have the flexibility to define roles that best suit your requirements under the User-defined Roles and grant appropriate permissions. Here's a brief on the Pre-defined and User-defined roles respectively:
You can tailor-make any number of roles, using Device Control Plus and give them permissions of your choice based on your personalized needs. These customized roles fall under the User-defined category. For a better understanding let us quickly see how to create a User-defined Role in the following section.
Follow the steps mentioned below to create a new User-defined role:
1. Select the Admin tab and click User Administration, under Global Settings. This opens the User Administration page.
2. Click the Add User button.
3. Specify the Role Name and a small description about it.
4.Define the scope by selecting the computers that are to be managed.
The permission levels are broadly classified into:
Full Control - To perform all operations like an administrator, for the specific module
Write - To perform all the operations, except few restrictions as explained below in the table
Read - To only view the details in that module
No Access - To hide the module from the User
5. Click Add button.
You have successfully created a new role. The role you have just created will now be available in the Roles list of the user creation module. Role deletion cannot be performed if that role is associated even with a single User. However you can modify the permission levels for all User-defined roles.
You will find the following roles in the Pre-defined category:
Administrator Role: The Administrator role signifies the Super Admin who exercises full control, on all modules. These modules pertain to both Device control related tasks- creating/publishing/modifying any and all device and policy lists- as well as a scope of management activities.
There can be only one super admin for an organization, in case the super admin leaves the company, you can re-assign any administrator as super admin, however this can be done only by logging in as super admin. A super admin will also have the privilege to move users from one organization to another.
Device Control Manager: The role of this user enables them to oversee and manage all device control related duties, however they are restricted from configuring scope of management and user management settings.
This critical role includes full permission for device control based tasks such as creating and modifying device/policy lists, changing audit settings, granting/revoking temporary access. This role can only be delegated to a trusted user by someone that has Administrator access.
Technician Role: The technician role, when assigned to a user by the Administrator, denotes permission to configure, to an extent, certain device control related settings only. For example, the technician can create device and policy lists however only the policies that have been initially created by the technician can be modified. As for device lists, once it has been created by the technician, cannot be edited/deleted.
Guest : The Guest Role retains the Read Only permission to all modules. A user who is associated to the Guest Role, will have the privileges to scan and view various information about different modules, although making changes is strictly prohibited. Guest Role also has Read Only permission for viewing, details on Device Control.
NOTE - Delegate specific authorization for handling Temporary Access requests. An administrator can allocate the users any privilege, such as Full Control, Write and Read for regulating Temporary Access without hoisting the permission for other features.
The details of all the roles and their specific permissions is given in the table below:
| Actions | Administrator | Device Control Manager | Technician | Guest |
|---|---|---|---|---|
| Create Policy | ✓ | ✓ | ✓ | ✗ |
| Publish Policy | ✓ | ✓ | ✗ | ✗ |
| Trash/Restore/Delete Policy | ✓ | ✓ | ✗ | ✗ |
| View Policy | ✓ | ✓ | ✓ | ✓ |
| Modify Policy | ✓ | ✓ | Only ones created by technician | ✗ |
| Decline Policy Request | ✓ | ✓ | ✗ | ✗ |
| Duplicate existing policy | ✓ | ✓ | ✓ | ✗ |
| Create Allowed Device List | ✓ | ✓ | ✓ | ✗ |
| Edit Allowed Device List | ✓ | ✓ | ✗ | ✗ |
| Trash/Restore/Delete Allowed Device List | ✓ | ✓ | ✗ | ✗ |
| View Allowed Device List | ✓ | ✓ | ✓ | ✓ |
| Duplicate Allowed Device List | ✓ | ✓ | ✓ | ✗ |
| Create Temporary Access | ✓ | ✓ | ✗ | ✗ |
| Edit Temporary Access | ✓ | ✓ | ✗ | ✗ |
| Trash/Delete/Revoke/Decline Temporary Access | ✓ | ✓ | ✗ | ✗ |
| View Temporary Access | ✓ | ✓ | ✓ | ✓ |
| Download/Mail Temporary Access Code | ✓ | ✓ | ✓ | ✗ |
| View Managed Computer | ✓ | ✓ | ✓ | ✗ |
| Associate Policy with Group | ✓ | ✓ | ✗ | ✗ |
| View Audit Settings | ✓ | ✓ | ✓ | ✓ |
| Save Audit Settings | ✓ | ✓ | ✗ | ✗ |
| Custom Group Creation | ✓ | ✗ | ✗ | ✗ |
| Add or Remove Computers | ✓ | ✗ | ✗ | ✗ |
| Create/Edit/Delete User | ✓ | ✗ | ✗ | ✗ |
| Extension based file transfer logs | ✓ | ✓ | ✗ | ✗ |
You can associate a User with a Role while creating a New User. To create a user follow the steps mentioned below:
You have successfully create a user and associated a role to the user with the scope of the computers that need to be managed. When you opt to authenticate a user via Active Directory, the user should have privileges to login to the domain from the computer where Device Control Plus Server is installed.
Device Control Plus offers the flexibility to modify the role of users, to best suit your changing requirements. You can do operations like Changing the User Role and Reset User Password at any point of time you feel you should.
At times when you find a user's contribution obsolete, you can go ahead and delete the user from the User List. The user so removed will no more exercise Module Permissions.