Restrict Users to Specific Roles
With the technology improvements and the application of computers in every other field, the profile of a system administration has greatly increased. In a midsize network, it is quite an impossible task for a single person to cover all the aspects of system administration. Desktop Central answers this concern through its User & Role Management module; delegating routine activities to chosen users with well-defined permission levels. It restricts the access of systems to authorized users with the Role Based Access Control (RBAC) approach.
User-Defined and Pre-Defined Roles
You can tailor-make any number of roles in Desktop Central and give them permissions of your choice based on your personalized needs. These roles can then be associated with Desktop Central Users. There are also a set of pre-defined roles that you can readily use:
- Administrator - The Administrator role signifies the Super Admin who exercises full control, on all modules
- Guest - The Guest Role retains the Read Only permission to all modules.
- Technician - The Technician Role has a well defined set of permissions to do specific operations. Users under the Technician role are restricted from performing all the operations listed under the Admin tab.
- Auditor - The Auditor role is specially crafted for Auditing Purposes. This role will help you grant permissions to auditors view the details of software inventory, check for license compliance, etc.
- Remote Desktop Viewer - The Remote Desktop Viewer Role will allow the users associated with it to Invoke a Remote desktop connection and view details of users who had connected to a particular system.
- IT Asset Manager - The IT Asset Manager has complete access to the Asset Management module and all the other features are inaccessible.
- Patch Manager - The Patch Manager role has complete access to the Patch Management module and all the other modules/features are inaccessible.
- Mobile Device Manager - The Mobile Device Manager has complete access to the MDM module and all the other modules/features are inaccessible.
Defining a scope for the users
You can define the target computers which can be mapped to every user. By limiting the user's permission to specific set of computers, the user possesses enough permission to perform his role but not excess permission to take unduly advantage.
The target that you define as the scope for the user, can be static unique groups, remote offices or all computers.