As an administrator, many a time you would have felt mundane routines spill over crucial attention-seeking jobs of your network. Device Control Plus answers this concern through its User & Role Management module; delegating routine activities to chosen users with well-defined permission levels. You can easily administer the users, and define their scope to manage a specific set of computers. 

Role Management

Some of the most commonly used roles are specified under Pre-defined Roles. However, you also have the flexibility to define roles that best suit your requirements under the User-defined Roles and grant appropriate permissions.  Here's a brief on the Pre-defined and User-defined roles respectively:


User-defined Role

You can tailor-make any number of roles, using Device Control Plus and give them permissions of your choice based on your personalized needs. These customized roles fall under the User-defined category. For a better understanding let us quickly see how to create a User-defined Role in the following section.

Follow the steps mentioned below to create a new User-defined role:

1. Select the Admin tab and click  User Administration, under Global Settings. This opens the User Administration page.
2. Click the Add User button.
3. Specify the Role Name and a small description about it.
4.Define the scope by selecting the computers that are to be managed.
The permission levels are broadly classified into:

Full Control - To perform all operations like an administrator, for the specific module
Write - To perform all the operations, except few restrictions as explained below in the table
Read - To only view the details in that module
No Access - To hide the module from the User 

5. Click  Add button.

You have successfully created a new role. The role you have just created will now be available in the Roles list of the user creation module. Role deletion cannot be performed if that role is associated even with a single User. However you can modify the permission levels for all User-defined roles.


Pre-defined Roles

You will find the following roles in the Pre-defined category:

  1. Administrator
  2. Device Control Manager
  3. Technician
  4. Guest

Administrator Role: The Administrator role signifies the Super Admin who exercises full control, on all modules. These modules pertain to both Device control related tasks-  creating/publishing/modifying any and all device and policy lists- as well as a scope of management activities.

There can be only one super admin for an organization, in case the super admin leaves the company, you can re-assign any administrator as super admin, however this can be done only by logging in as super admin. A super admin will also have the privilege to move users from one organization to another.

Device Control Manager: The role of this user enables them to oversee and manage all device control related duties, however they are restricted from configuring scope of management and user management settings.

This critical role includes full permission for device control based tasks such as creating and modifying device/policy lists, changing audit settings, granting/revoking temporary access. This role can only be delegated to a trusted user by someone that has Administrator access.

Technician Role:  The technician role, when assigned to a user by the Administrator, denotes permission to configure, to an extent, certain device control related settings only. For example, the technician can create device and policy lists however only the policies that have been initially created by the technician can be modified. As for device lists, once it has been created by the technician, cannot be edited/deleted.

Guest : The Guest Role retains the Read Only permission to all modules. A user who is associated to the Guest Role, will have the privileges to scan and view various information about different modules, although making changes is strictly prohibited. Guest Role also has Read Only permission for viewing, details on Device Control.

NOTE - Delegate specific authorization for handling Temporary Access requests. An administrator can allocate the users any privilege, such as Full Control, Write and Read for regulating Temporary Access without hoisting the permission for other features.

The details of all the roles and their specific permissions is given in the table below:

Actions Administrator Device Control Manager Technician Guest
Create Policy
Publish Policy
Trash/Restore/Delete Policy
View Policy
Modify Policy Only ones created by technician
Decline Policy Request
Duplicate existing policy
Create Allowed Device List
Edit Allowed Device List
Trash/Restore/Delete Allowed Device List
View Allowed Device List
Duplicate Allowed Device List
Create Temporary Access
Edit Temporary Access
Trash/Delete/Revoke/Decline Temporary Access
View Temporary Access
Download/Mail Temporary Access Code
View Managed Computer
Associate Policy with Group
View Audit Settings
Save Audit Settings
Custom Group Creation
Add or Remove Computers
Create/Edit/Delete User
Extension based file transfer logs​

User Management

Creating a User and Associating a Role

You can associate a User with a Role while creating a New User. To create a user follow the steps mentioned below:

  1. Login to Device Control Plus client as an Administrator.
  2. Click User Management link available under the Global Settings category.
  3. Specify the Authentication Type as Active Directory Authentication or Local Authentication.
  4. Specify a User Name, Password and  Confirm the password.
  5. Specify the Role,  from the drop down. You can see find all the pre-defined roles, and the  roles that you have created will be listed here.
  6. Specify the Email address and the Phone number of the user, this is optional.
  7. Define the Scope for the user, you can specify the computers, which needs to be managed by the user. You can choose to provide the user access to manage all computers, remote offices or specific unique custom groups. If you do not have a unique custom group, you can create one. If the custom group is not unique, it will not be listed here. 

You have successfully create a user and associated a role to the user with the scope of the computers that need to be managed. When you opt to authenticate a user via Active Directory, the user should have privileges to login to the domain from the computer where Device Control Plus Server is installed.


Modifying User details

Device Control Plus offers the flexibility to modify the role of users, to best suit your changing requirements. You can do operations like Changing the User Role and Reset User Password at any point of time you feel you should.


Deleting a User

At times when you find a user's contribution obsolete, you can go ahead and delete the user from the User List. The user so removed will no more exercise Module Permissions.