Permissions
User Guide: Admin Tab
Permissions
If creating a custom role for an organization, it is important to combine permissions correctly so users will be able to access all the features they need to do their jobs. While some of the permissions can grant standalone access to just one feature at the exclusion of all the rest, most are dependent on at least one other permission to function. For example, all permissions except the Admin Organization permission must also have a Support Dashboard permission within the same role in order for the user to access his or her Account Settings page. The table below lists each permission, and any "Prequisite Permission(s)" upon which that permission is dependent.
Assigning a user a role without the correct prerequisite permissions can cause the user to receive an error message upon opening a page or clicking on a feature for which they do not have permission.
Most permissions have a View type and a Manage type. The View type grants view-only access to the feature, and the Manage type grants access to make changes to the feature. For prequisite permissions, the View type is required at minimum. For example, the Admin Roles Manage permission can function when the Admin User View permission is also granted; the Admin User Manage permission could be granted in that role instead of Admin User View and accomplish the same result, but it would also give that role access to create, edit, and delete all user accounts, which the role would not have with Admin User View.
If looking to implement basic roles that grant blocks of permission based on the tab navigation in BlueFletch Portal, such as a Playbook View role to view all features within Playbook MDM or a Launcher Admin role to manage all features within Enterprise Launcher, BlueFletch recommends using the predefined roles that come with the organization by default.
| Permission Name | Prerequisite Permission(s) | Description of Access |
|---|---|---|
Admin Download View | None | Ability to view and download BlueFletch device applications. |
Admin Files Manage | Admin Organization View/Manage | Ability to create, edit, and delete organization files. |
Admin Files View | Admin Organization View/Manage | Ability to view organization files. |
Admin Organization Manage | None | Ability to edit organization settings. |
Admin Organization View | None | Ability to view organization settings. |
Admin Playbook Agents View | Support Dashboard View, Support Report View | Ability to view the list of available Playbook MDM Agents. |
Admin Roles Manage | Admin User View/Manage and Support Dashboard View | Ability to create, edit, and delete organization roles. |
Admin Roles View | Support Dashboard View, Support Report View | Ability to view the available organization roles. |
Admin Sites Manage | Support Dashboard View, Support Report View | Ability to create, edit, and delete sites within the organization. |
Admin Sites View | Support Dashboard View, Support Report View | Ability to view the organization Sites page. |
Admin User Manage | Admin Organization View/Manage | Ability to create, edit, and delete users within the organization. |
Admin User View | Support Dashboard View, Support Report View | Ability to view users within the organization. |
API Key Management | Admin Organization View/Manage | Ability to create, manage, and view API Keys. |
API Key View | Admin Organization View/Manage | Ability to view API Keys. |
Audit Log View | Support Dashboard View, Support Report View | Ability to view and query the audit logs. |
Chat Management | Support Dashboard View, Support Report View | Ability to create and manage Chat groups, along with view Chat messages. |
Chat View | Support Dashboard View, Support Report View | Ability to view Chat groups and Chat messages. |
Device Find | Support Dashboard View, Support Report View | Ability to send a notification to a device to trigger an audible alarm. |
Device Remote Chat | Support Dashboard View, Support Report View | Ability to start a remote chat with a device user. |
Device Remote Control | Support Dashboard View, Support Report View | Ability to start a remote control session of a device. |
EMM Device Manage | EMM Enterprise View/Manage, Support Dashboard View, Support Report View | Ability to manage EMM devices. |
EMM Device View | EMM Enterprise View/Manage, Support Dashboard View, Support Report View | Ability to view EMM devices. |
EMM Enterprise Manage | EMM Policy View/Manage (or EMM Device View/Manage), Support Dashboard View, Support Report View | Ability to associate organization with Google Play create, edit, and delete organization enterprise settings. |
EMM Enterprise View | EMM Policy View/Manage (or EMM Device View/Manage), Support Dashboard View, Support Report View | Ability to view organization enterprise settings. |
EMM Policy Manage | EMM Enterprise View/Manage, Support Dashboard View, Support Report View | Ability to create, edit, and delete EMM policies. |
EMM Policy View | EMM Enterprise View/Manage, Support Dashboard View, Support Report View | Ability to view EMM policies. |
EMM Policy Token Manage | EMM Policy View/Manage, EMM Enterprise View/Manage, Support Dashboard View, Support Report View | Ability to create, edit, and delete EMM policy tokens. |
EMM Policy Token View | EMM Policy View/Manage, EMM Enterprise View/Manage, Support Dashboard View, Support Report View | Ability to view EMM policy tokens. |
IP Address Allow List Manage | Support Dashboard View, Support Report View | Ability to add and delete entries from the IP Address allow list. |
IP Address Allow List View | Support Dashboard View, Support Report View | Ability to view the IP Address allow list. |
Launcher Config Manage | Support Dashboard View | Ability to create, edit, and delete launcher configurations. |
Launcher Config Manage | Support Dashboard View, Support Report View | Ability to create, edit, and delete launcher configurations. |
Launcher Config View | Support Dashboard View, Support Dashboard View, Support Report View | Ability to view launcher configurations. |
Launcher Notification Test | Support Dashboard View, Support Report View, Launcher Config Manage | Ability to use the Launcher notification test feature. |
MDM Deployment Group Manage | MDM Playbook View/Manage, MDM Play View/Manage, Support Dashboard View, Support Report View | Ability to create, edit, and delete Playbook MDM deployment groups. |
MDM Deployment Group View | MDM Playbook View/Manage, MDM Play View/Manage, Support Dashboard View, Support Report View | Ability to view Playbook MDM deployment groups. |
MDM Device Manage | Support Dashboard View, Support Report View | Ability to manage Playbook MDM devices. |
MDM Device View | Support Dashboard View, Support Report View | Ability to view Playbook MDM devices. |
MDM Playbook Manage | MDM Deployment Group View/Manage, MDM Play View/Manage, Support Dashboard View, Support Report View | Ability to create, edit, and delete Playbook MDM playbooks. |
MDM Playbook View | MDM Deployment Group View/Manage, MDM Play View/Manage, Support Dashboard View, Support Report View | Ability to view Playbook MDM playbooks. |
MDM Play Manage | MDM Deployment Group View/Manage, MDM Playbook View/Manage, Admin Download View, Support Dashboard View, Support Report View | Ability to create, edit, and delete Playbook MDM plays. |
MDM Play View | MDM Deployment Group View/Manage, MDM Playbook View/Manage, and Support Dashboard View | Ability to view Playbook MDM plays. |
Support Dashboard Explorer | Support Dashboard View, Support Report View | Ability to use the Support Explorer Tool. |
Support Dashboard Manage | Support Report View | Ability to create, edit, and delete Support Analytics Dashboards. |
Support Dashboard View | Support Report View | Ability to view Support Analytics Dashboards. |
Support Report Manage | Support Dashboard View, Admin User View/Manage | Ability to create, edit, and delete organization reports. |
Support Report View | Support Dashboard View | Ability to view the list of reports and subscribe to report emails. |
Last updated