Skip to main content

1E 9.x (on-premises)

Roles and Securables
System roles

On the Roles page, a system role is indicated by an icon with a padlock System role icon.

System roles are built-in and are not configurable, however, they can be assigned to users the same as any other role. The following table lists the built-in system roles.

1E system role

Permissions

Allows delegation

Description

All Instructions Actioner

Yes

Use 1E Endpoint Troubleshooting, execute any Instruction (Action and Question), and view any Instruction response

All Instructions Approver

Yes

Use 1E Endpoint Troubleshooting, approve any Instruction for anyone other than self

All Instructions Questioner

Yes

Use 1E Endpoint Troubleshooting, ask any Question and view any Instruction response

All Instructions Viewer

Yes

Use 1E Endpoint Troubleshooting, view any Instruction response

Full Administrator
  • All

No

Has all the permissions available in the Platform and its Applications

Group Administrator

Yes

Add Users and Management Groups, and manage their roles and assignments, below this Group Administrator's assigned Management Group(s)

1E Endpoint Automation Administrator

No

Use 1E Endpoint Automation, manage Rules and Polices, and assign and deploy Policies

1E Endpoint Automation Policy Assigner

Yes

Assign Policies to Management Groups (does not allow use of 1E Endpoint Automation)

1E Endpoint Automation User

No

Use 1E Endpoint Automation, view dashboards

Installer

No

Install and upgrade the Platform and Applications, register Consumers, upload Product Packs, manage Instruction Sets, and configure Roles and Permissions

Inventory Administrator

No

Manage Inventory repositories - populate and archive them - export data - manage Inventory associations

Inventory User

No

View Inventory repositories, data and Inventory associations

1E System

No

For service and equivalent accounts to perform 1E system operations

Questions, responses, actions are examples of securables. Other Consumers may create their own system roles and securables.

Custom roles

On the Roles page, a custom role is indicated by an icon with a cogwheelCustom role icon

The following table lists built-in custom roles used by 1E Applications.

1E custom role

Permissions

Allows delegation

Description

Notes

1E ITSM Connect Actioner
  • InstructionSet (Actioner) on the instruction sets you wish to allow ServiceNow to use

Yes

The ServiceNow proxy user is added to this role instead of All Instructions Actioner so that ServiceNow users can only use instructions belonging to instruction sets assigned to this role

The ServiceNow proxy user is added to this role instead of All Instructions Actioner so that ServiceNow users can only use instructions belonging to instruction sets assigned to this role.

AppClarity Administrator

No

Create, update, delete and view AppClarity Compliance, Entitlement, License Demand and Reclaim - view and export Inventory - view, edit, delete and export Associations

Renamed in 8.0 - was AppClarity Administrators.

Application Migration Administrator

No

Create, update, delete and view Application Migration Rules and Role Based Application Sets to manage installations in your estate during operating system deployment

Renamed in 8.0 - was Application Migration Administrators.

Compliance Administrator

No

Create, update, delete and view AppClarity Compliance, Entitlement and License Demand - view AppClarity Reclaim - view and export Inventory - view, edit, delete and export Associations

Renamed in 8.0 - was Compliance Administrators.

Compliance Viewer

No

View AppClarity Compliance, Entitlement and License Demand

Renamed in 8.0 - was Compliance Viewers.

Entitlement Administrator

No

Create, update, delete and view AppClarity Entitlement - view and export Inventory - view, edit, delete and export Associations

Renamed in 8.0 - was Entitlement Administrators.

Experience Administrator

No

Use Experience Analytics, manage, assign and deploy Engagements (Surveys and Announcements), and manage Metrics

New role in 8.0

Effectively a combination of previous Survey Administrators and VDI Administrators roles.

Experience Engagement Assigner

Yes

Assign Engagements to Management Groups (does not allow use of Experience Analytics)

New role in 8.0

Experience User

No

Use Experience Analytics, view Survey responses, and view Metrics

Renamed in 8.0 - was Experience Viewers.

Nomad Administrator

No

Use Content Distribution, manage Pre-cache jobs, view the results of related Instructions and Client health policies

Renamed in 8.0 - was Nomad Administrators.

Instruction set assigned manually after installation.

Patch Success Administrator

No

Use Patch Success, manage and populate its Repository, and deploy Policies, use Endpoint Troubleshootingto deploy patches

New role in 8.0

Instruction set assigned manually after installation.

Patch Success User

No

Use Patch Success, and use Endpoint Troubleshooting to ask about Patch status on devices

Renamed in 8.0 - was Patch Success Viewers.

Instruction set assigned manually after installation.

Reclaim Administrator

No

Create, update, delete and view AppClarity Reclaim - view and export Inventory - view, edit, delete and export Associations

Renamed in 8.0 - was Reclaim Administrators.

Reclaim Viewer

No

View AppClarity Reclaim

Renamed in 8.0 - was Reclaim Viewers.

Securables and operations

In the SDK documentation, Securables are also known as Securable Types.

A Permission is one or more Operations for a Securable. The remit for a Securable is either Localized or Global. A Role that has only Localized permissions can be delegated.

Securable

Operations

Remit

Description

AgentDeployment

Approve, Execute, View

Global

View, create, and cancel 1E Client deployment jobs

AgentInstallerManagement

Add, Delete, Read

Global

View, upload, and delete 1E Client installers

AppClarity.Compliance

Delete, Execute, Export, Read, Write

Global

View, create, edit, delete, export, and manage AppClarity Compliance and LDC

AppClarity.Entitlement

Delete, Execute, Export, Read, Write

Global

View, create, edit, delete, export, and manage AppClarity Entitlement

AppClarity.Reclaim

Delete, Execute, Export, Read, Write

Global

View, create, edit, delete, export, and manage AppClarity Reclaim

Application

Delete, Write

Global

Install and uninstall Portal applications

Component

Read, Write

Global

View and configure Components

Connector

Delete, Execute, Read, Write

Global

View, create, edit, delete, and test Connectors

Consumer

Read, Write

Global

View, add, edit, and delete Consumers

CustomProperty

Read, Write

Global

View, add, edit, and delete Custom properties

EngagementAssignment

Assign

Localized

Assign Engagements (Surveys and Announcements) to Management Groups

Engagements

Delete, Execute, Read, Write

Global

View, create, edit, delete, and enable Engagements (Surveys and Announcements) - this securable has been renamed in version 8.0 from Surveys

EventSubscription

Delete, Read, Write

Localized

View, create, edit, and delete the configurations of event subscriptions

Experience

Read

Global

View Experience Analytics dashboards

GuaranteedState

Delete, Read, Write

Global

View, add, edit, and delete Rules, Fragments, Trigger templates, and Policies - view Endpoint Automation dashboards

Infrastructure

Delete, Read, Write

Global

View System health and System information - view, add, and edit global settings

InfrastructureLog

Read

Global

View Infrastructure log

InstructionSet

Actioner, Approver, Questioner, Viewer

Localized

Execute, schedule, cancel, and approve instructions - view responses

InstructionSetManagement

Add, Delete, Read

Global

Upload DEXPack- add, modify, and delete instruction sets - delete instruction definitions

Inventory

Export, Read

Global

View Inventory Insights dashboards and export inventory data

Inventory.Association

Delete, Export, Read, Write

Global

View, create, edit, and delete SCCM Associations in Inventory

ManagementGroup

Delete, Read, Synchronize, Write

Localized

Create, delete, edit, and initiate synchronization of Management Groups

Nomad

Delete, Read, Write

Global

View Content Distributiondashboards and SSD peer data. View, add, and delete pre-cache jobs. Pause and resume download activity of Content Distribution clients

OffloadingData

Offload

Global

Offload (forward) event data to any Web API responsible for processing that data

PolicyAssignment

Assign

Localized

AssignEndpoint Automation policies to Management Groups

PolicyDeployment

Execute

Global

Deploy all types of policies (including metrics, events, and engagements) except for Reclaim policies

ProcessLog

Delete, Read, Write

Global

View and purge the Process log, Cancel all actions

Protect

Read, Write

Global

View and deploy patches at all endpoints

ProviderConfiguration

Delete, Read, Write

Global

View, create, edit, and delete Providers

ProviderOperationLog

Read

Global

Update, delete and view provider configurations

Repository.ApplicationMigration

Archive, Delete, EvaluateManagementGroups, Execute, Populate, Read, Write

Global

Repository.BI

Populate, Read

Global

View and populate the BI respository

Repository.Compliance

Archive, Delete, Populate, Read, Write

Global

Repository.Entitlement

Archive, Delete, Populate, Read, Write

Global

Repository.Inventory

Archive, Delete, EvaluateManagementGroups, Populate, Read, Write

Global

View, create, edit, and delete Inventory repositories - populate and archive them

Repository.Patch

Read

Global

View Patch Success dashboards

Schedule

Delete, Read, Write

Global

View, create, edit, and delete Schedules - view Schedule history

Security

Delete, Read, Write

Localized

Add and remove Users - view all Roles - add, modify, and delete Custom roles - assign roles to users - view Audit information log

SynchronizationLog

Read

Global

View Sync log

VDI

Read, Write

Global

View, create, edit, and delete application servers