|
Device Group Permissions |
Device group permissions allow for the segregation of MobiControl management privileges based on the device tree structure. For example, a support team operating out of California may be responsible for supporting all the devices in the western states, while another team out of New York is responsible for controlling all the devices in the eastern states. Using device group permissions, the members of the two respective teams can be granted varying levels of access to the devices in their own region (i.e. full access), and those in other regions (e.g. no access).
To enable group permissions, you must first enable the MobiControl Manager Console user security. (Please see the Manager Console User Security page.) Once the Manager Console user security is enabled and configured, right-click on a group for which you would like to implement permissions and select Group Permissions.
Selecting "Device Group Permissions" in MobiControl Manager
Note:
If the user or group belongs to the local domain, then the domain is not needed
(i.e. you can type in just "TestUser"). However, if the user or group is from a different
domain, then you do need to include the domain (i.e. Domain\TestUser2).
From the Device Group Permissions dialog box, you can customize user access and permissions. For instance, if you would like a user to be able to do everything, then you would select Full Control. Alternatively, if you would like the user only to be able to remote control the device, then select only that option. These security settings are applied to the devices groups in MobiControl Manager and define what users can do at the device level.
The permissions in the group permissions page can be set at the group level, as well as the individual user level. The permissions will take the most restrictive settings.
Device Group Permissions dialog box
Important:
If Allow is NOT selected, then the permission is not present and therefore not assigned to the user/group (as there is no deny option). However, if the permission is granted based on group membership, then the appropriate permissions are applied to all users within that group. Once the permission has been given on the group level, the permissions CAN NO LONGER BE DENIED.
Take caution in assigning permissions to groups.
| Access Right | Description |
|---|---|
| Full Control | Allows all features listed below |
| View Device Groups | View the device groups |
| Modify Device Groups | Modify the device groups |
| Configure Group Permissions | Configure device group permissions |
| Configure Devices | Modify device advanced settings such as connection mode, retry delay and log settings |
| Configure Device Security | Modify device security configurations such as lockdown and out-of-contact actions. |
| Send Messages to Devices | Send a text message to a set of devices |
| Send Scripts to Devices | Send a script to a set of devices |
| Move Devices | Move devices between device groups |
| Remote Control Devices | Start a remote control session |
| View Device Files | View device files through remote control |
| Update Device Files | Update the device files through remote control |
| View Device Registry | View the device registry through remote control |
| Update Device Registry | Update the device registry through remote control |
| View Device Task Info | View the Task Manager and Service Manager tool through remote control |
| Manage Device Tasks | Execute/kill device processes through remote control |
| View Device System Info | View device system information through remote control |
| Open DOS Command Window | Open the DOS Command Box and execute MobiControl commands through remote control |
| Remote Control Scripting | Execute script files on the device through remote control |
| Send Keyboard/Mouse Input | Send keyboard/mouse input to the device through remote control |
| Remote Control Device Without Notification | Start a remote control session without requiring the device user to accept the session |
| Manage Device Notes | Add, edit and delete device notes |
| Location Services | View the device's GPS location |
| Device Agent Upgrade | Enable, disable, or force agent upgrade for device(s) in the group |
| Network Agent Upgrade | Enable, disable, or force agent upgrade for the entire network |