Default user roles and their permissions

Absolute includes the following default user roles, which are derived from the Classic roles:

  • System Administrators are the only users in Absolute that have all permissions, including the ability to configure authentication settings, and create custom roles and assign their permissions. As a result, the user assigned to this role has a high degree of power.
  • By default, the first user of your Absolute account is assigned the System Administrator role.

  • Security Administrators exist in those organizations that choose to designate certain Administrators as Security Administrators to manage the device and data security of assets. This user role has more access rights than Administrators.
  • Security Administrators are authorized to submit Freeze, File Delete, and Wipe actions. Security Administrators use the Absolute console to track and manage devices, both within the organization's local area network and outside of it.

  • Administrator + Unenroll Device users have the same permissions as an Administrator, but with the added permission to unenroll devices from your Absolute account.
  • Administrators manage their organization's devices and IT assets, and report device loss or theft. Administrators also create and manage various system communications, such as end user messaging, system notifications, and alerts and suspicious alert events. Administrators have access to all devices in an account.
  • Security Power Users exist in those organizations that choose to designate certain Powers Users as Security Power Users to manage the device and data security of assets. This user role has more access rights than Power Users.

    Security Power Users are authorized to submit Freeze, File Delete, and Wipe actions for devices in their assigned Device Group. Security Power Users use the Absolute console to track and manage devices within the organization's local area network.

  • Power User + Unenroll Device users have the same permissions as a Power User, but with the added permission to unenroll devices from your Absolute account.
  • Power Users have access rights to most features excluding security features. Administrators can restrict Power Users permissions to specific devices or device groups.
  • Power Users are typically granted access to the devices in a particular Classic Group, but they can also be granted access to all devices.

  • Guest Users have limited access to information and reports. These users cannot can't submit device actions, but they can report devices missing or stolen. Guest Users can only browse the Investigation Reports that they've created.
  • Guest Users are typically granted access to the devices in a particular Classic group, but they can also be granted access to all devices.

Permissions by feature and default user role

NOTE   Depending on the Absolute product licenses associated with your account, some features may not be available.

Permissions for the various features in the Absolute console depend on your user role:

Features and permissions

Security Administrator

Administrator

Security Power User

Power User

Guest User

Permissions for Security Power Users, Power Users, and Guest Users apply to devices in the user's assigned Classic group only. If a user is assigned to all devices in your account, permissions apply to all devices.

 

 

Dashboard

 

 

View available inventory-related dashboard widgets

P

P

P

P

P

View available security-related dashboard widgets

P

P

P

û

û

Assets

 

 

View and manage active devices on the All Devices page

P

P

P

P

P

View and manage missing devices on the Missing Devices page

P

P

P

P

P

View the location of devices in map view

P

P

P

P

û

View installed applications on the Applications page

P

P

P

P

P

Create and manage device groups and folders

P

P

P

P

û

View device groups and folders created by other users

P

P

P1

P1

P1

Manage device groups and folders created by other users

P

P

P1

P1

û

Create and manage Geofences

P

P

P

P

û

View Theft reports

P

P

P

P

P

Reports

 

 

View and export all predefined reports and Classic reports

P

P

P2

P2

P3

Create Device Analytics reports

P

P

P

P

P

Create, export, and share own reports

P

P

P

P

P

View reports shared by other users

P

P

P2

P2

P3

View usage of individual devices in Web Usage reports

P

P

û

û

û

Configure weekly time ranges in Web Usage reports

P

P

û

û

û

Manage websites included in Web Usage chart

P

P

P

P

View only

Policies

 

 

View, create, and manage policy groups

P

P

û

û

û

Assign licenses to policy groups

P

P

û

û

û

Configure and activate policies

P

P

û

û

û

Persistence: view policy configuration of third party applications

P

P

û

û

û

Create and manage alerts / View alert events

P

P

P

P

P

Create and manage rules

P

P

û

û

View only

Create and manage Offline Freeze rules

P

û

P

û

û

Create, manage, and publish EDD Rules

P

P

û

û

û

Custom Data: create and manage the Custom Data policy P P View only View only View only

Remediation

 

 

Reach Script: run and cancel scripts

P

P

P

û

û

Reach Script: edit temporary script location P View only View only û û

Reach Script: manage scripts (upload and save to library)

P

û

û

û

û

Microsoft AIP Microsoft Azure Information Protection (AIP) enables organizations to enforce policies governing the control and distribution of confidential or proprietary information. Depending on the Absolute products associated with your account, you may be able to use the Absolute console to protect at-risk files detected during an EDD scan.: Protect files / Remove protection

P

P

û

û

û

Device Actions

 

 

Unenroll Device

P

P

[Administrator + Unenroll Device role only]

P

P

[Power User + Unenroll Device role only]

û

Perform EDD scan

P

P

û

û

û

Submit Freeze, Conditional Freeze, and Remove Freeze requests

P

û

P

û

û

Delete File P û P û û
End User Messaging P P P P

û

Manage Supervisor Password4

û

û

û

û

û

Report Missing or Stolen

P

P

P

P

P

Report Found

P

P

P

P

P

Wipe Device

P

û

P

û

û

History

 

 

Events: view and export recent events

P

P

û

û

û

Actions: view recent Unenroll actions P

P

[Administrator + Unenroll Device role only]

P

P

[Power User + Unenroll Device role only]

û

Actions: view and cancel recent Script actions

P

P

P

û

û

Actions: view and cancel recent Delete File actions P P P

û

û

Actions: view and cancel recent Send Message actions P P P P

û

Actions: view and cancel recent Wipe actions

P

û

P

û

û

Settings

 

 

Action Preferences > Run Script P View only View only û û

Accept Service Agreement

P

P

View only

View only

View only

Agent Management > Assign agent versions

P

P

û

û

û

Agent Management > Install agent (Windows and Mac)

P

P

û

û

û

Agent Removal Requests

P

View only

P

View only

û

API Token Management

P

P P

P

P

Authentication Settings

P

P

View only

View only

View only

Configure Authentication (SSO and 2FA)4

û

û

û

û

û

Classic Account Settings

P

P

View only

View only

View only

Data > View and Edit Device Fields

P

P

P

P

View only

Data > Manage Device Fields

P

P

û

û

û

Device Freeze Messages

P

P

P

P

û

Disable Pre-Authorization

P

û

û

û

û

File List Summary Report

P

P

P

û

û

File Retrieval Summary Report

P

û

P

û

û

Import and export Classic groups

P

P

Export only

Export only

Export only

Messages

P

P

P

P

View only
SIEM integration: configure events4

û

û

û

û

û

SIEM integration: view configured events

P

P

P

P

P

Script Library

P

û

û

û

û

User Management: view users and roles

P

P

P

P

û

User Management: create and manage user profiles for other users

P

[All roles]

P

[All roles except Security Administrator]

P

[All roles except Administrator and Security Administrator]

P

[Guest Users only]

û

User Management: assign users to roles

P

[All roles]

P

[All roles except Security Administrator]

P

[All roles except Administrator and Security Administrator]

P

[Guest Users only]

û

User Management: create and manage custom roles4

û

û

û

û

û

Utilities: download tools P P P

P

P

Insights

 

 

Log in to and access the Insights console4 û û û û û

1 Applies only to users with access to all devices

2 Does not apply to reports in the Data Visibility report category or the Web Subscriptions report

3 Does not apply to reports in the Data Visibility report category, or any of the following reports: Upcoming Offline Device Freeze, Event History, and Web Subscriptions

4 Only System Administrators are granted this permission