Configuring Roles and Permissions

Before you begin

Configuring roles and permissions requires:
  • SOTI MobiControl (15.4 or later) web console permissions to grant access to SOTI XSight.
  • SOTI XSight rights to grant granular permissions.

About this task

Configuring roles and permissions gives granular control for enhanced security by limiting access to specific capabilities, ensuring that users have access to the functions they require and nothing more.

Note: The SOTI MobiControl administrator of the default instance is also the default SOTI XSight administrator, and you cannot remove it. However, you can manually assign roles from other SOTI MobiControl instances or external sources as a SOTI XSight system administrator.

Procedure

  1. From the main menu, select Roles and Permissions. The Roles page opens.
  2. From the left panel, select Instances.
  3. Expand the instance containing the role to which you want to add permissions and select the role.
General
  1. Select General to grant permissions for general SOTI XSight functionality. The right panel displays related permissions.
  2. Turn on the following permissions as required to give a role feature access within SOTI XSight:
    • Incident Management

    • Operational Intelligence

      • Create Analysis Profile / Battery Pool
        Note: The create permission is only available if Operational Intelligence access is granted.
    • Live View

    • Generate XSight Agent

    • Watchlist
      • Create Watchlist Profile
        Note: The create permission is only available if Watchlist access is granted.
    • Manage Shared Topics

  3. If visible, select Save to commit your changes.
Incident Management Group
  1. Select incident management group permissions as required according to the following options.
    You may configure incident management group permissions via quick-select permissions or granular permissions.
    Note: Only system administrators can create or delete Incident Management groups. You cannot grant Incident Management group permissions upon creation.

    Quick-select Permissions

    The following options give a prepared selection of permissions:
    • Select Admin Permissions—Group members have full available rights for Incident Management groups.
      Note: This is the same as selecting Full Control among the granular permissions.
    • Select Technician Permissions—Group members have all available rights except Manage Group.
    • Select Reporter Permissions—Group members have all available rights under Incidents.

    Granular Permissions

    Select the following granular permissions for the role within each applicable permissions group.

    Full Control

    Group members have all available rights.

    Manage Group

    Group members can:
    • Access Manage Group settings on the main Settings page
    • Rename and disable incident management groups

    Manage Incidents

    View SLA

    View the SLA status of non-draft incidents from the Due column of the incident dashboard and inside the incident.

    View Incidents

    Users can view all incidents that are in the group.

    Note: Users can view incidents they are a reporter for regardless of permissions.

    Edit Status

    Change the status of incidents in the group.

    Note: Users can change the status of incidents they created regardless of assigned permissions.

    View Private Note

    View notes marked as private regardless of who created them.

    Create/Edit Private Note

    Create and edit private notes in incidents.

    Edit Priority

    Change the priority of incidents in the group.

    Create Email

    Create and send emails.

    Note: Sending emails requires an email configuration.

    Delete Incident

    Delete non-draft incidents from the group.

    Note: Users can delete draft incidents they created regardless of assigned permissions.

    Delete Reporter

    Separate the user from the incident.
    Note: The incident must be in draft.

    Associate Tag

    Add or remove tags from an incident.
    Note: Requires the View Tag permission.

    Edit Incident

    Change the subject, description, watcher, and linked incidents for non-draft incidents.

    Note: Anyone can edit draft incidents regardless of permissions.

    Edit Reporter

    Change the reporter in draft incidents.

    Edit Assignee

    Change the assignee of an incident.

    Note: Assignees require Manage Incidents or Manage Group permissions.

    Add Device

    Add/remove managed or unmanaged devices from incidents that are in open or pending state.

    Note: Users can add and remove devices for incidents in draft state regardless of permission.
    Note: This permission applies to SOTI XSight versions 2024.0.2 and later. In versions of SOTI XSight earlier than 2024.0.2, a user needs all of the Manage Incidents set of permissions to have this permission.

    View Tag

    Users can view all group tags. When selected, tags display on the IM page and within the group's incidents.

    Note: Required for roles with the Associate Tag permission.

    View Priority

    View the priority of group incidents.

    Create/View/Edit resolution note

    Create, view, or edit incident resolution notes.

    Incidents

    Create Incident

    Create an incident.

    Create/Edit Public Note

    Add or edit publicly visible incident notes.

    Add Attachment

    Add attachments to incidents.
  2. If visible, select Save to commit your changes.
Device Analysis Profiles
  1. From the list of device profiles, select the applicable options for each:
    Full Control

    Role members have all available rights.

    Manage profile

    Role members have full control to edit, deactivate and delete profiles.

    Note: You must have manage profile permissions for at least one profile to manage App Mappings and Categories, to manage Web App Mappings, and to manage Shifts.
    Note: When a user selects manage profile, view profile and dashboard child permissions are granted by default.

    View profile

    Role members can see report data and configure settings for the shared view of profile dashboards.

    Note: Device list is available in the dashboard dropdown in Operational Intelligence only if the user has access to at least one dashboard.
    Note: Device spotlight in Operational Intelligence only shows information related to the dashboards the user has access to.
    View Battery Status Dashboard
    View App Usage Dashboard
    Note: App list is available in the dashboard dropdown in Operational Intelligence if the user has access to the App Usage or App Usage Shift Dashboard.
    View App Usage Shift Dashboard
    View Data Usage Dashboard
    View Last Location Dashboard
    View Signal Strength Dashboard
    View Wi-Fi Dashboard
    View Web App Usage Dashboard
    Note: Reports belonging to dashboards that the user does not have permission for are not available to the user in the reports dropdown in Operational Intelligence.
    Note: Viewing device profile reports or sharing links to them requires Manage Profiles or View Profiles permissions. Editing profile reports or adding/modifying a scheduled report requires Manage Profiles permission unless the report belongs to the user.
    Note: When creating or updating an analysis profile, users can also specify the permissions to grant to roles. See Creating an Analysis Profile.
  2. If visible, select Save to commit your changes.
Smart Battery Pools
  1. From the list of battery pools, select the applicable permission options for each:
    • Manage Pools—Role members have full control over the pool.
    • View Pools—Role members can see report data and configure the pool's shared view settings.
    Note: Only system administrators can create battery pools. When creating or updating a battery pool, authorized users can also specify the permissions to grant to roles. See Filtering and Customizing Dashboards.
  2. If visible, select Save to commit your changes.

Results

You have assigned and saved your required role permissions.