pdf icon
Category Filter

Roles & Permissions

This section covers how you can create titles and assign them to users, along with the different set of permissions they can be entrusted.


There are 2 Default roles in Mobile Device Manager , which cannot be deleted or modified.

  1. Administrator
  2. Guest


The Administrator role signifies the "Admin user" who exercises FULL CONTROL, on all modules.Only Administrators will have the permission to create, modify and delete the user details and roles.

    Points to Note:
    Disclaimer:The information specified below is only applicable for MEMDM Cloud users.

  • The first admin/user who creates an account with the MDM, will be considered as the SUPER ADMIN for the organization.
  • Super admin cannot be deleted from the organization. However if a scenario arises such that the super admin should be changed or leaves the organisation, the ownership can be transferred via TRANSFER ADMIN PRIVILEGE.
  • It is recommended to have a common Super Admin for all the Zoho services, used across the organization.
  • If the added user is a part of another Zoho service, you cannot exercise Super Admin privileges on this user.

    Disclaimer:The information specified below is only applicable for MEMDM Cloud users.
    If the administrator of Mobile Device Manager Plus Cloud wishes to pass over his rights as an administrator, he can do so by assigning the administrator role to another user of the organization.
    Transfer of the admin privilege is necessary in the following cases:
    1. The current MDM administrator is changing roles or jobs.
    2. The organization has purchased only one administrator license.
    3. Click here to learn more scenarios where Transfer admin privilege will be useful


The Guest Role retains the READ ONLY permission to all modules This role can be delegated for viewing MDM inventory details, reports, profiles and Apps of the mobile devices. For example, a technician who is associated to the Guest Role, will have the privilege to view IT asset information.


Pre-Defined roles are some templates already present in the Mobile Device manager User Administration. These roles are created by the system.

Administrator can readily assign these roles to users once you've signed into the Mobile Device manager console.

The permissions and scope of all these roles can be modified based on your different business processes.

  1. Technician
  2. IT Asset Manager
  3. Auditor

Technician Role:

The Technician role has FULL CONTROL over all modules except Enrollment.It can cater to different purposes as per your organisation's needs.

IT Asset Manager:

The IT Asset Manager role, by default has FULL CONTROL only over the Inventory module. All the other features are inaccessible.


The Auditor role is specially crafted for Auditing Purposes. This role have READ ONLY access to the Reports module and can be beneficial in scenarios where a user should be delegated access to view reports. For example specific technicians who collect audit reports for compliance or to view the details of software and hardware inventory.


According to your specific business use cases and specific business processes, Mobile Device Manager Plus offers the flexibility to create and modify the role of users, to best suit your changing requirements. The permission and scope level of these roles are defined by the admin manually while creating them, and are unique per user, thus called as User Defined roles .

In addition, user defined roles can also be created by modifying Pre-defined roles. These roles enables you to take user administration to different levels of your company based on its organisational structure, and hence enables you to take a work centric approach to User administration.

For example you need to add an IT Support member for remote trouble shooting some COPE devices, then they can be created under user defined role and assigned to respective technicians.


There are 4 levels of authorization an admin can give to a user. These are called Permissions

The 4 types of Permission are:

  1. Full Control- User can perform all available actions in that module
  2. Write- User can perform limited actions
  3. Read- User can only view or scan the details in the respective module
  4. No Access- The module will be hidden from the user

Check out this document to view the full list of actions available under each module and their associated permission levels.

    Points To Note:
  • Users with Write roles for App Management, Profile Management and Content Management are automatically granted 'Read' access to groups.
  • Users with Write roles for Enrolment are automatically granted 'Write' access to groups.
Jump To