# Understanding User Roles

This document will explain the **User Roles** and permissions which can be mapped for users. Creating various users with only certain roles and permissions allow you to have a more robust control over who does what with the product. For a detailed understanding about the various user roles and the associated scope offered by the product, refer to the doc on [role difference](https://www.manageengine.com/products/desktop-central/help/role-difference.html).

To create a new user, navigate to **Admin -> General Settings -> User Administration -> Add User**

To create a new role, navigate to **Admin -> General Settings -> User Administration -> Add Role**

## User Roles and Access Levels

| User Role | Configurations | Patch Management | Software Deployment | Inventory | Tools | Remote Desktop Sharing | Report | MDM Control Modules | OS Imaging | OS Deployment |
|---|---|---|---|---|---|---|---|---|---|---|
| **Administrator** | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control |
| **Auditor** | No Access | No Access | No Access | No Access | No Access | No Access | Read Access | Read Access to Reports | No Access | No Access |
| **Guest** | Read Access | Read Access | Read Access | Read Access | Read Access | Read Access | Read Access | Read Access | Read Access | Read Access |
| **IT Asset Manager** | No Access | No Access | No Access | Full Control | No Access | No Access | No Access | Full Control over Inventory | No Access | No Access |
| **OS Deployer** | No Access | No Access | No Access | No Access | No Access | No Access | No Access | No Access | Full Control | Full Control |
| **Patch Manager** | No Access | Full Control | No Access | No Access | No Access | No Access | No Access | No Access | No Access | No Access |
| **Remote Desktop Viewer** | No Access | No Access | No Access | No Access | Full Control | No Access | No Access | No Access | No Access |  |
| **Technician** | Full Control | No Access | Full Control | No Access | Full Control | No Access | No Access | Full Control except Device Enrollment | No Access | No Access |

## MDM Control

| MDM Control | Create Profile Management | Create App Management | Create Inventory | Create Report | Enrollment | Content Management | OS Update Management | Remote Control |
|---|---|---|---|---|---|---|---|---|
| **Mobile Device Manager** | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control | Full Control |

The following are the roles within the Endpoint Security.

## Endpoint Security Roles

| Role | Description |
|---|---|
| Application Control Manager | This role provides the user with full control over application control and application control reports. |
| Bitlocker Manager | This role provides the user with full control of BitLocker management and reports. |
| Browser Security Manager | This role provides the user with full control of Browser Security functions. |
| Device Control Manager | This role provides the user with full control of Device Control functions and reports. |
| Security Manager | This role provides the user with full control of Security Manager functions such as BitLocker Management, Patch Management, Application Control and Vulnerability Management amongst others. |

Apart from these, you can also create roles based on your requirement.