Editing permissions for custom roles

You can change the permissions associated with a custom role.

There are a few ways in which you can change a role's permissions:

  • Add permissions that were not assigned when the role was created
  • Assign permissions when new features are added to the Secure Endpoint Console
  • Revoke permissions
  • Assign Dual Approval limits

To edit permissions for a custom role:

  1. Log in to the Secure Endpoint Console as a System Administrator.
  2. On the navigation bar, click Settings > User management > Roles.

  3. On the Roles sidebar under Custom, click the role you want to change permissions for. The Permissions page opens. The symbols indicate the following:

    Permission is assigned to the role.
    Permission is not assigned to the role.
    - Permission is not assigned to any role (i.e. not applicable).
  4. Click Edit to open the Edit Permissions dialog.

  5. Update the role's feature permissions by doing the following:

    • To assign view and export (if applicable) permissions for a feature, select the View checkbox.
    • To assign view, export (if applicable), and edit permissions for a feature, select the Manage checkbox. The View checkbox is selected automatically.
    • To assign Activate, Publish, Run, or Perform permissions for a feature, select the feature's applicable Other Actions checkbox. If a View checkbox is associated with the feature, select it as well.
    • To revoke a permission, clear its checkbox.

  6. Update the role's dual approval limits by doing the following:

    1. In the Approval column, click the limit button beside the Device Action. The Limit details dialog opens.

    2. Select one of the following options from the drop-down:

      • No approval required
      • Daily limit
      • Always required
    3. If you selected Daily limit, enter the number of devices that can be included in requests before approval is required.
    4. If you selected Daily limit or Always required, select Approver beside the user roles that can approve requests created by the selected custom role.
    5. If you selected Daily limit or Always required, select Notify beside the user roles that will be notified when there are requests that require approval created by the selected custom role.
    6. Click outside of the Limit details dialog.
    7. Repeat the configuration for each Device Action you want to add limits to.
  7. Click Save.
  8. On the Role updated dialog, click OK.

The role is updated, and a Role updated event is logged to Event History.