Role based access control

Introduction

Technological evolution has made endpoints such as desktops, laptops, and mobile devices unavoidable in almost every sector. This has significantly increased the profile of the IT administrator. In a midsize network, it is nearly impossible for a single person to cover every aspect of system administration. Endpoint Central addresses this concern through its User & Role Management module, which delegates routine activities to chosen users with well-defined permission levels. It restricts access to systems to authorized users using the Role Based Access Control (RBAC) approach.

User-defined and predefined roles

You can tailor-make any number of roles in Endpoint Central and give them permissions of your choice based on your needs. These roles can then be associated with Endpoint Central users. There is also a set of predefined roles that come in handy:

  • Administrator - The Administrator role signifies the Super Admin, who exercises full control over all modules.
  • Guest - The Guest Role retains the Read Only permission to all modules.
  • Technician - The Technician Role has a well-defined set of permissions to perform specific operations. Users under the Technician role are restricted from performing all the operations listed under the Admin tab.
  • Auditor - The Auditor role is specially crafted for auditing purposes. This role will help you grant permissions to auditors to view the details of software inventory, check for license compliance, etc.
  • Remote Desktop Viewer - The Remote Desktop Viewer role allows the users associated with it to invoke a remote desktop connection and view details of users who had connected to a particular system.
  • IT Asset Manager - The IT Asset Manager role has complete access to the Asset Management module; all the other features are inaccessible.
  • Patch Manager - The Patch Manager role has complete access to the Patch Management module; all the other modules/features are inaccessible.
  • Mobile Device Manager - The Mobile Device Manager role has complete access to the MDM module; all the other modules/features are inaccessible.

Defining a scope for users

After defining the user's role, you can choose the target computers that will be mapped to each user. A user with an assigned role can then perform the activities associated with that role only on the set of target computers mapped to that user. By limiting the user's permissions to a specific set of computers, you ensure the user has enough permission to perform the role but cannot take undue advantage of it. The target that you define as the scope for the user can be static unique groups, remote offices, or all computers.
