Roles and Permissions
Before you begin
- SOTI MobiControl (15.4 or later) web console permissions to grant access to SOTI XSight.
- SOTI XSight rights to grant granular permissions.
About this task
Configuring roles and permissions gives granular control for enhanced security by limiting access to specific capabilities, ensuring that users have access to the functions they require and nothing more.
Procedure
- From the main menu, select Roles and Permissions. The Roles page opens.
- From the left panel, select Instances.
- Expand the instance containing the role to which you want to add permissions and select the role.
- Select General to grant permissions for general SOTI XSight functionality. The right panel displays related permissions.
-
Turn on the following permissions as required to give a role feature access
within SOTI XSight:
- Incident Management
- Operational Intelligence
- Create Analysis Profile / Battery Pool Note: The create permission is only available if Operational intelligence access is granted.
- Create Analysis Profile / Battery Pool
- Live View
- Generate XSight Agent
- Chat
- Watchlist
- Create Watchlist ProfileNote: The create permission is only available if Watchlist access is granted.
- Create Watchlist Profile
- Manage Shared Topics
- If visible, select Save to commit your changes.
-
Select incident management group permissions as required according to the
following options.
You may configure incident management group permissions via quick-select permissions or granular permissions.Note: Only system administrators can create or delete Incident Management groups. You cannot grant Incident Management group permissions upon creation.
Quick-select Permissions
The following options give a prepared selection of permissions:- Select Admin Permissions—Group members full available rights for Incident
Management groups.Note: This is the same as selecting Full Control among the granular permissions.
- Select Technician Permissions—Group members have all available rights except Manage Group.
- Select Reporter Permissions—Group members have all available rights under Incidents.
Granular Permissions
Select the following granular permissions for the role within each applicable permissions group.
Full Control Group members have all available rights. Manage Group Group members can: - Access Manage Group settings on the main Settings page
- Rename and disable incident management groups
Manage Incidents View SLA
View the SLA status of non-draft incidents from the Due column of the incident dashboard and inside the incident. View Incidents
Users can view all incidents that are in the group
Note: Users can view incidents they are a reporter for regardless of permissions.Edit Status
Change the status of incidents in the group.
Note: Users can change the status of incidents they created regardless of assigned permissions.View Private Note
View notes marked as private regardless of who created them. Create/Edit Private Note Create and edit private notes in incidents. Edit Priority
Change the priority of incidents in the group. Create Email
Create and send emails.
Note: Sending emails requires an email configuration.Delete Incident
Delete non-draft incidents from the group.
Note: Users can delete draft incidents they created regardless of assigned permissions.Delete Reporter
Separate the user from the incident. Note: The incident must be in draft.Associate Tag
Add or remove tags from an incident. Note: Requires the View Tag permission.Edit Incident
Change the subject, description, watcher, and linked incidents for non-draft incidents.
Note: Anyone can edit draft incidents regardless of permissions.Edit Reporter
Change the reporter in draft incidents. Edit Assignee
Change the assignee of an incident.
Note: Assignees require Manage Incidents or Manage Group permissions.Add Device Add/remove managed or unmanaged devices from incidents that are in open or pending state. Note: Users can add and remove devices for incidents in draft state regardless of permission.Note: This permission applies to SOTI XSight versions 2024.0.2 and later. In versions of SOTI XSight earlier than 2024.0.2, all of the Manage Incidents set of permissions are required for a user to be able to have this permission.View Tag
Users can view all group tags. When selected, tags display on the IM page and within the group's incidents.
Note: Required for roles with the Associate Tag permission.View Priority
View the priority of group incidents. Create/View/Edit resolution note
Create, view, or edit incident resolution notes. Incidents Create Incident Create an incident. Create/Edit Public Note Add or edit publicly visible incident notes. Add Attachment Add attachments to incidents. - Select Admin Permissions—Group members full available rights for Incident
Management groups.
- If visible, select Save to commit your changes.
-
From the list of device profiles, select the applicable options for each:
Full Control Role members have all available rights. Manage profile Role members have full control to edit, deactivate and delete profiles. Note: You must have manage profile permissions for at least one profile to be able to manage App Mappings and Categories, Manage Web App Mappings and to Manage Shifts.Note: When a user selects manage profile, view profile and dashboard child permissions are granted by default.View profile Role members can see report data and configure settings for the shared view of profile dashboards. Note: Device list is available in the dashboard dropdown in Operational Intelligence only if the user has access to at least one dashboard.Note: Device spotlight in Operational Intelligence only shows information related to the dashboards the user has access to.View Battery Status Dashboard View App Usage Dashboard Note: App list is available in the dashboard dropdown in Operational Intelligence if the user has access to the App Usage or App Usage Shift Dashboard.View App Usage Shift Dashboard View Data Usage Dashboard View Last Location Dashboard View Signal Strength Dashboard View Wi-Fi Dashboard View Web App Usage Dashboard Note: Reports belonging to dashboards the user does not have permission to are not be available to the user in the reports dropdown in Operational Intelligence.Note: Viewing device profile reports or sharing links to them requires Manage Profiles or View Profiles permissions. Editing profile reports or adding/modifying a scheduled report requires Manage Profiles permission unless the report belongs to the user.Note: When creating or updating an analysis profile, users can also specify the permissions to grant to roles. See Creating an Analysis Profile. - If visible, select Save to commit your changes.
-
From the list of battery pools, select the applicable permission options for
each:
- Manage Pools—Role members have full control over the pool.
- View Pools—Role members can see report data and configure the pool's shared view settings.
Note: Only system administrators can create battery pools. When creating or updating a battery pool, authorized users can also specify the permissions to grant to roles. See Filtering and Customizing Dashboards. - If visible, select Save to commit your changes.