Access roles and rights for IBM MaaS360 Portal administrators
Information about access roles and access rights for IBM® MaaS360® Portal administrators.
| Role | Description |
|---|---|
Read-Only |
The Read-Only role provides view-only access to all devices,
policies, and applications. The |
Help Desk |
The Help Desk role provides the administrator with access rights to perform
Help Desk device management actions such as locating a device, sending messages or alerts to the
device, locking a device, or resetting a device passcode.The |
Administrator |
The Administrator role includes access rights for the Read-Only role and
manages devices. The |
Administrator Level 2 |
The Administrator Level 2 role provides the administrator with complete
device management access rights that includes creating and managing policies and applications.
The |
Service Administrator |
The Service Administrator role provides the administrator with top-level
Administrator level access rights to configure services and manage administrator accounts. The
|
Partner Administrator |
The Partner Administrator role onboards partners and customers, and performs
customer account actions that include extending trial accounts that are expiring and converting
trial accounts to customer accounts.Note: The new Partner Administrator Account Actions
Control access right controls the visibility of certain actions on the
Administrator Settings page in the IBM
MaaS360 Portal. For more information, see Account Actions Control access right for Partner Administrators.
|
| Role Information | Role | |||||||
|---|---|---|---|---|---|---|---|---|
| Right to access | Category | Description | Administrator | Administrator - Level 2 | Help Desk | Read Only | Service Administrator | Partner Administrator |
| Action History | Device Management | View global action history across all devices. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Allow Bulk Edit of Policies | View, edit, bulk edit, or publish policies. | ✓ | ||||||
| App Attributes - All Access | App Management | Allows a user to manage custom attributes. | ✓ | |||||
| Approve Device | Device Management | Approve a blocked or quarantined device (ActiveSync/Traveler). | ✓ | |||||
| Apps - Read only | App Distribution | View-only access to apps. | ✓ | ✓ | ✓ | ✓ | ||
| Block Device | Device Management | Block an approved or quarantined device (ActiveSync/Traveler). | ✓ | |||||
| Bulk Upload Custom Attributes | Device Management | Upload a file in bulk to set custom attributes. | ✓ | ✓ | ✓ | |||
| Buzz Device | Device Management | Buzz a device through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Change Compliance Rule Set | Device Management | Change a compliance rule set through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Change Device Policy | Device Management | Change a device policy through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Change Expense Mgmt Plan | Device Management | Change a mobile expense management plan through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Configure Email Settings | Manage end user email messages. | ✓ | ||||||
| Convert to Customer | Service Configuration | View and perform Convert to Customer. | ✓ | ✓ | ||||
| Deactivate Device | Device Management | Remove MDM control or hide devices through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Define App Approval Process | Administrator Management | Define or edit the app approval process. | ✓ | |||||
| Delete Button Control | Account Management | Control visibility of delete action for an account. | ✓ | |||||
| Device Enrollments - Read only | Device Management | View-only access to device enrollment requests. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Device Group actions | Device Management | Push actions at a group level. | ✓ | ✓ | ✓ | |||
| Device View - Read only | Device Management | View-only access to the Device View (no actions). | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Device View-View All Devices | Device Management | Device View access restricted to View All Devices (no access to actions or smart search). | ✓ | |||||
| Distribute App for a device | Device Management | Distribute an app through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Distribute Apps | App Distribution | Distribute apps. | ✓ | |||||
| Distribute Doc for a device | Device Management | Distribute a doc through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Distribute Docs | Doc Distribution | Ability to distribute Docs | ✓ | |||||
| Distribute patches for a device | Device Management | Distribute patches for a device. | ✓ | |||||
| Docs - Read only | Doc Distribution | View-only access to docs. | ✓ | ✓ | ✓ | ✓ | ||
| EFOTA - Complete Access | Device Management | Read and write to EOFTA workflow. | ✓ | |||||
| Enable Alerts | Device Management | Enable alerts for enterprise customers. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Enable Lost Mode Actions | Device Management | View Lost Mode actions. | ✓ | |||||
| Enable Watchlist | Device Management | Enable a Watchlist for Enterprise Customers. | ✓ | |||||
| Enable-Disable Debug Mode | Device Management | Manage debug mode. | ✓ | |||||
| Exit Kiosk Mode | Device Management | Exit Kiosk mode on the device. | ✓ | |||||
| Expense Mgmt Plans - Read only | Expense Management | View-only access to the expense management plans. | ✓ | ✓ | ✓ | ✓ | ||
| Expire Account | Service Configuration | View and perform Expire Account. | ✓ | ✓ | ||||
| Extend Trial | Service Configuration | View and perform Extend Account. | ✓ | ✓ | ||||
| FileVault Recovery Access Right | Device Management | Check the FileVault recovery key. | ✓ | |||||
| Install MDM App | Device Management | Install the MDM app through a Device View action. | ✓ | |||||
| Installed Apps - Read-only | App Management | Allows a user to view the installed apps workflow. | ✓ | |||||
| Locate Device | Device Management | Locate a device through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Lock Device | Device Management | Lock a device through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage Administrator Roles | Administrator Management | Create and manage roles and administrators. | ✓ | ✓ | ||||
| Manage App Approvals | Administrator Management | Manage app approvals. | ✓ | |||||
| Manage Apps Only No Distribution | App Distribution | Allow access to manage apps, but cannot distribute apps. | ✓ | |||||
| Manage Apps | App Distribution | Add, change, or delete apps. | ✓ | ✓ | ✓ | |||
| Manage Bulk Enrollments For Android | Device Management | Access the Android Configurator tab under Manage Enrollment Requests. | ✓ | |||||
| Manage Cloud Extenders | Device Management | Manage Cloud Extenders. | ✓ | ✓ | ✓ | |||
| Manage Custom Attributes | Device Management | Add, change, or delete custom attributes. | ✓ | ✓ | ✓ | |||
| Manage Device Enrollments | Device Management | Manage device enrollment requests. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage Docs | Doc Distribution | Add, change, or delete docs. | ✓ | ✓ | ✓ | |||
| Manage Document Settings | Doc Distribution | Modify document settings. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Manage Expense Mgmt Plans | Expense Management | Add, change, or delete expense management plans. | ✓ | ✓ | ||||
| Manage licenses | License Management | Change licenses assigned to a device, perform actions such as bulk assignment, bulk revoke, view bulk license history, and change device entitlements from the Device view page. | ✓ | |||||
| Manage Policies | Policy Management | Add, change, delete, or publish policies. | ✓ | ✓ | ✓ | |||
| Manage Policies - Read only | Policy Management | View-only access to policies. | ✓ | ✓ | ✓ | |||
| Manage SharePoint Settings | Doc Distribution | Modify SharePoint settings. | ✓ | ✓ | ||||
| Merge Duplicate Device Records | Device Management | Manually merge Android or Windows Phone 7 device records if automated merge cannot identify the devices to merge. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Mobile Metrics - View and Propose new ideas | Mobile Analytics | View-only access to Mobile Metrics graphs and the ability to propose new ideas. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Move and rename Action Control | Account Management | Control visibility of move and rename actions for an account. | ✓ | |||||
| On Premise Content Sync | Document Management | Configure the On Premise Content Sync Storage URL and the Tenant account. | ✓ | |||||
| Programmer Mode | Device Management | Execute enter and exit programmer mode actions. | ✓ | |||||
| Push OS patches to all devices | Device Management | Deploy patches to both test and production devices. | ✓ | |||||
| Push OS patches to Test devices | Device Management | Deploy patches to only test devices. | ✓ | |||||
| Read-Only Account | Service Configuration | Restrict the visibility of the account as Read-Only Account. | ✓ | ✓ | ||||
| Refresh Device Information | Device Management | Issue an on-demand refresh for all information about the device through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Remote Control | Device Management | Use Remote Control on an end user device (Windows devices only). | ✓ | |||||
| Remote Control - Configure settings | Device Management | Configure applications that are used with Remote Control. | ✓ | |||||
| Remote Control device | Device Management | View and manage a device with Remote Control. | ✓ | |||||
| Remote Session | Device Management | View a remote session. | ✓ | |||||
| Remove App | Device Management | Remove an app through a Device View action. | ✓ | ✓ | ✓ | |||
| Reports | Reports | View graphs and reports in the Reports tab. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Reset Device Passcode | Device Management | Reset the device passcode through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Selective Wipe | Device Management | Selectively wipe (restrict) corporate data from a device and revoke the selective wipe from a device through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||
| Send Message | Device Management | Send a message to a device through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Services Configuration | Service Configuration | Enable extra services with a checklist workflow. | ✓ | ✓ | ||||
| Set Custom Attribute Value | Device Management | Set custom attribute values through a Device View action. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| User Views - Generate Password | Device Management | Generate passwords for users through the View All Users workflow. | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Users - Read only | Device Management | View-only access to the User View. | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Admin Audit Reports | Admin Audit Reports | Ability to view audit reports for changes made by administrators on the portal. | ✓ | |||||
| View App Approval Process | Administrator Management | View the app approval process. | ✓ | |||||
| View Custom Attributes | Device Management | View-only access to custom attributes. | ✓ | |||||
| View license reports | License Management | View and download license usage reports. | ✓ | |||||
| View Mobile Insights | Mobile Analytics | View-only access to Mobile Insights on MaaS360 Portal Home page. | ✓ | ✓ | ||||
| Web Services | App Management | Allows user to set Web Services parameters. | ✓ | |||||
| Web Services - Read-only | App Management | View-only access to Web Services parameters. | ✓ | |||||
| Wipe Device | Device Management | Wipe the device or cancel pending wipe action through a Device View action. | ✓ | ✓ | ✓ | ✓ | ||