About user roles and resources
In the role-based access control (RBAC) system, the role assigned to a user dictates the features the user can access.
Main menu items and icons that appear on the left depend on the role assigned to a user. For example, if you only assign access to policies for a standard user, when logging in the user sees only the Home and Policies menu items.
User roles
Determine the role and responsibilities of a user. There are two user types:
- Administrator: An administrator can access all areas of EPM. An administrator user does not require any additional setup for roles and resources, as this account can access and manage all areas of the system.
- Standard User: A standard user has delegated access based on the resources assigned to the user.
Resources
Computer Groups
The following computer group roles can be assigned to a standard user, for either all groups or individually selected groups.
| Role | Menu access to | Description |
|---|---|---|
| Assign Policy to Group | Home, Policies, and Computer Groups |
User can view policies and computer groups, and assign policies and revisions to selected computer groups. |
| Analyze Group | Home, Computer Groups and Analytics |
User can view data analytics for selected computer groups. Access to Analytics 1.0 is restricted. A user requires the Analyze Groups permission for all groups for a user to see Analytics 1.0. |
| Create Groups | Home and Computer Groups | User can create, edit, and view selected group properties. |
| Edit Group | Home and Computer Groups | User can view and edit selected computer group properties. |
| View Group | Home and Computer Groups | User can only view selected computer groups. This option is automatically selected when any of the other options are selected. |
Policies
The following policies roles can be assigned to a standard user, for either all policies or individually selected policies.
| Role | Access to | Description |
|---|---|---|
| Create Policies | Home and Policy | User can create, edit, and view selected policies. |
| Edit Policy | Home and Policy | User can view and edit selected policies. |
| View Policy | Home and Policy | User can only view selected policies. This option is automatically selected when the edit option is selected. |
Configuration Settings
As an administrator, delegate access to configuration settings so that the user only sees the resources they need access to. A standard user can be assigned edit and view permissions on each of the configuration areas of EPM.
Assign a standard user the Edit Setting permission when they need to access and change settings for a particular configuration setting.
A standard user can see but not interact with settings when assigned the View Setting permission.
The user will not see the configuration setting if neither edit nor view is selected.
The About configuration setting cannot be assigned edit permissions. All standard users can see About information but they cannot change the information on the About page.
Automatic Role Mappings on Upgrade
When upgrading from EPM 22.7 and earlier to version 22.8 and later, existing roles will be mapped as follows.
| 22.7 and Earlier Role | 22.8 and Later Role and Access |
|---|---|
| Administrator | Administrator |
| Computer Administrator | Group Editor and Viewer, Policy Viewer and Assigner |
| Policy Administrator | Group Viewer, Policy Editor, Policy Viewer, Policy Assigner, Analytics |
| Policy Editor | Group Viewer, Policy Editor and Viewer, Analytics |
| Standard User | Group Viewer, Policy Viewer, Analytics |
| Automation Client | Automation Client |
For more granular access, manually edit users and assign access to computer group and policy records.
