Device Group Permissions

Device group permissions manage access control for administrators and users interacting with devices within specific groups. These permissions define who can view, modify, or perform actions on devices in a given group. Here are some key aspects of device group permissions:

  • Access Control: Restricts which administrators or users can manage devices in certain groups, ensuring that only authorized personnel can make changes.

  • Device Management: Grants specific rights such as enrolling new devices, pushing configurations, updating software, or remotely troubleshooting.

  • Security Enforcement: Helps maintain compliance by limiting access to sensitive device settings or data, preventing unauthorized modifications.

  • Organizational Efficiency: Allows IT teams to delegate management responsibilities across different departments or regions by assigning permissions accordingly.

With device group permissions, you can restrict user, group, or role permissions to specific device groups. This is especially beneficial in organizations with discrete departments.

For example, you have one support team in Paris, France, overseeing devices in Europe and another in Lagos, Nigeria, supporting devices in Africa. Then, you have a device group tree that reflects the European/African device structure. You can use device group permissions to grant the French team full access to only the European devices and the Nigerian team full access to African devices.

When changing permissions for roles, select an Allow or Deny check-box for any permission on the list.
Tip: The selected check-box appears as a blue check mark. The cleared check-box appears as a gray square contour.

When you assign users and groups to a role, they inherit permissions from the role. The inherited Allow and Deny options appear as solid blue squares. You can select an Allow or Deny check-box for any permission on the list. This selection removes inheritance from the role. The explicitly selected (not inherited) check-box displays a blue check mark. The cleared check-box displays a gray square contour.

Note: The permissions are hierarchical, which is visually communicated by multi-level indentations in the permission list. When you edit a given permission, the change automatically affects permissions hierarchically related to the edited one. This is immediately reflected in the permission list shown on the page.

Manage Devices

Configure Advanced Settings Enables device groups to apply advanced settings to devices.
Manage VPN Server Enables device groups to manage SOTI Virtual Private Network (VPN) servers.
Manage devices Enables device groups to perform actions on devices.
Move devices into group Enables users to transfer devices into device groups they have access to.
Move devices out of group Enables users to transfer devices out of device groups they have access to.
Manage Notes Enables device groups to create and manage notes for devices.
Access Location Services Enables device groups to locate and track devices. SOTI MobiControl has removed this feature and is now part of SOTI XSight. See SOTI XSight Configuring Roles and Permissions.
Send Action Commands Enables device groups to execute device actions.

You can use the Send Action Commands permission to block or allow all device actions or set permissions based on specific device actions. See Available Device Actions for details on each device action.

Modify Device User Enables device groups to change user details assigned to a device.
Edit Custom Attribute Values Enables device groups to change the values of custom attributes for the device.
Configure Profiles & Policies Enables device groups to view and configure profiles and policies. See Viewing Profiles and Policies on a Device Group.
Assign VPN Servers Enables users to assign VPN servers in the SOTI VPN profile configuration.

Manage Groups

View Groups Enables device groups to view device groups.
Target Groups Enables device groups to apply settings (profiles, rules, etc.) to device groups.
Manage Groups Enables device groups to perform actions on device groups.
Configure Group Permissions Enables device groups to configure group permissions.

Remote Control Devices

Remote Control Devices Enables device groups to remote control devices.
View Files Enables device groups to view device files.
Update Files Enables device groups to save changes to device files.
View Registry Enables device groups to view the device registry.
Update Registry Enables device groups to save changes to the device registry.
View Tasks and Services Info Enables device groups to view what applications are currently running on the device.
Edit Tasks and Services Enables device groups to stop device tasks.
View System Info Enables device groups to view device system information (RAM, CPU usage).
Run Command Prompt/Terminal Enables device groups to open the command prompt.
Remote Control Scripting Enables device groups to use scripts.
Send Keyboard/Mouse Input Enables device groups to send keyboard and mouse control to the device.
Control Without Notification Enables device groups to remote control devices without letting device operators know.
Run Web Console Enables device groups to access Linux Terminal and Linux Web Console on remote-controlled devices.