Roles and Securables
System roles
On the Roles page, a system role is indicated by an icon with a padlock.
System roles are built-in and are not configurable; however, they can be assigned to users in the same way as any other role. The following table lists the built-in system roles.
1E system role | Permissions | Allows delegation | Description |
---|---|---|---|
| Yes | Use 1E Endpoint Troubleshooting, execute any Instruction (Action and Question), and view any Instruction response | |
| Yes | Use 1E Endpoint Troubleshooting, approve any Instruction for anyone other than self | |
| Yes | Use 1E Endpoint Troubleshooting, ask any Question and view any Instruction response | |
| Yes | Use 1E Endpoint Troubleshooting, view any Instruction response | |
| No | Has all the permissions available in the Platform and its Applications | |
| Yes | Add Users and Management Groups, and manage their roles and assignments, below this Group Administrator's assigned Management Group(s) | |
| No | Use 1E Endpoint Automation, manage Rules and Policies, and assign and deploy Policies | |
| Yes | Assign Policies to Management Groups (does not allow use of 1E Endpoint Automation) | |
| No | Use 1E Endpoint Automation, view dashboards | |
| No | Install and upgrade the Platform and Applications, register Consumers, upload Product Packs, manage Instruction Sets, and configure Roles and Permissions | |
| No | Manage Inventory repositories - populate and archive them - export data - manage Inventory associations | |
| No | View Inventory repositories, data and Inventory associations | |
| No | For service and equivalent accounts to perform 1E system operations |
Questions, responses, and actions are examples of securables. Other Consumers may create their own system roles and securables.
Custom roles
On the Roles page, a custom role is indicated by an icon with a cogwheel.
The following table lists built-in custom roles used by 1E Applications.
1E custom role | Permissions | Allows delegation | Description | Notes |
---|---|---|---|---|
| Yes | The ServiceNow proxy user is added to this role instead of All Instructions Actioner so that ServiceNow users can only use instructions belonging to instruction sets assigned to this role | The ServiceNow proxy user is added to this role instead of All Instructions Actioner so that ServiceNow users can only use instructions belonging to instruction sets assigned to this role. | |
| No | Create, update, delete and view AppClarity Compliance, Entitlement, License Demand and Reclaim - view and export Inventory - view, edit, delete and export Associations | Renamed in 8.0 - was AppClarity Administrators. | |
| No | Create, update, delete and view Application Migration Rules and Role Based Application Sets to manage installations in your estate during operating system deployment | Renamed in 8.0 - was Application Migration Administrators. | |
| No | Create, update, delete and view AppClarity Compliance, Entitlement and License Demand - view AppClarity Reclaim - view and export Inventory - view, edit, delete and export Associations | Renamed in 8.0 - was Compliance Administrators. | |
| No | View AppClarity Compliance, Entitlement and License Demand | Renamed in 8.0 - was Compliance Viewers. | |
| No | Create, update, delete and view AppClarity Entitlement - view and export Inventory - view, edit, delete and export Associations | Renamed in 8.0 - was Entitlement Administrators. | |
| No | Use Experience Analytics, manage, assign and deploy Engagements (Surveys and Announcements), and manage Metrics | New role in 8.0. Effectively a combination of the previous Survey Administrators and VDI Administrators roles. | |
| Yes | Assign Engagements to Management Groups (does not allow use of Experience Analytics) | New role in 8.0 | |
| No | Use Experience Analytics, view Survey responses, and view Metrics | Renamed in 8.0 - was Experience Viewers. | |
| No | Use Content Distribution, manage Pre-cache jobs, view the results of related Instructions and Client health policies | Renamed in 8.0 - was Nomad Administrators. Instruction set assigned manually after installation. | |
| No | Use Patch Success, manage and populate its Repository, deploy Policies, and use Endpoint Troubleshooting to deploy patches | New role in 8.0. Instruction set assigned manually after installation. | |
| No | Use Patch Success, and use Endpoint Troubleshooting to ask about Patch status on devices | Renamed in 8.0 - was Patch Success Viewers. Instruction set assigned manually after installation. | |
| No | Create, update, delete and view AppClarity Reclaim - view and export Inventory - view, edit, delete and export Associations | Renamed in 8.0 - was Reclaim Administrators. | |
| No | View AppClarity Reclaim | Renamed in 8.0 - was Reclaim Viewers. |
Securables and operations
In the SDK documentation, Securables are also known as Securable Types.
A Permission is one or more Operations for a Securable. The remit for a Securable is either Localized or Global. A Role that has only Localized permissions can be delegated.
Securable | Operations | Remit | Description |
---|---|---|---|
Approve, Execute, View | Global | View, create, and cancel 1E Client deployment jobs | |
Add, Delete, Read | Global | View, upload, and delete 1E Client installers | |
Delete, Execute, Export, Read, Write | Global | View, create, edit, delete, export, and manage AppClarity Compliance and LDC | |
Delete, Execute, Export, Read, Write | Global | View, create, edit, delete, export, and manage AppClarity Entitlement | |
Delete, Execute, Export, Read, Write | Global | View, create, edit, delete, export, and manage AppClarity Reclaim | |
Delete, Write | Global | Install and uninstall Portal applications | |
Read, Write | Global | View and configure Components | |
Delete, Execute, Read, Write | Global | View, create, edit, delete, and test Connectors | |
Read, Write | Global | View, add, edit, and delete Consumers | |
Read, Write | Global | View, add, edit, and delete Custom properties | |
Assign | Localized | Assign Engagements (Surveys and Announcements) to Management Groups | |
Delete, Execute, Read, Write | Global | View, create, edit, delete, and enable Engagements (Surveys and Announcements) - this securable has been renamed in version 8.0 from Surveys | |
Delete, Read, Write | Localized | View, create, edit, and delete the configurations of event subscriptions | |
Read | Global | View Experience Analytics dashboards | |
Delete, Read, Write | Global | View, add, edit, and delete Rules, Fragments, Trigger templates, and Policies - view Endpoint Automation dashboards | |
Delete, Read, Write | Global | View System health and System information - view, add, and edit global settings | |
Read | Global | View Infrastructure log | |
Actioner, Approver, Questioner, Viewer | Localized | Execute, schedule, cancel, and approve instructions - view responses | |
Add, Delete, Read | Global | Upload DEXPack - add, modify, and delete instruction sets - delete instruction definitions | |
Export, Read | Global | View Inventory Insights dashboards and export inventory data | |
Delete, Export, Read, Write | Global | View, create, edit, and delete SCCM Associations in Inventory | |
Delete, Read, Synchronize, Write | Localized | Create, delete, edit, and initiate synchronization of Management Groups | |
Delete, Read, Write | Global | View Content Distribution dashboards and SSD peer data. View, add, and delete pre-cache jobs. Pause and resume download activity of Content Distribution clients | |
Offload | Global | Offload (forward) event data to any Web API responsible for processing that data | |
Assign | Localized | Assign Endpoint Automation policies to Management Groups | |
Execute | Global | Deploy all types of policies (including metrics, events, and engagements) except for Reclaim policies | |
Delete, Read, Write | Global | View and purge the Process log, Cancel all actions | |
Read, Write | Global | View and deploy patches at all endpoints | |
Delete, Read, Write | Global | View, create, edit, and delete Providers | |
Read | Global | Update, delete and view provider configurations | |
Archive, Delete, EvaluateManagementGroups, Execute, Populate, Read, Write | Global | ||
Populate, Read | Global | View and populate the BI repository | |
Archive, Delete, Populate, Read, Write | Global | ||
Archive, Delete, Populate, Read, Write | Global | ||
Archive, Delete, EvaluateManagementGroups, Populate, Read, Write | Global | View, create, edit, and delete Inventory repositories - populate and archive them | |
Read | Global | View Patch Success dashboards | |
Delete, Read, Write | Global | View, create, edit, and delete Schedules - view Schedule history | |
Delete, Read, Write | Localized | Add and remove Users - view all Roles - add, modify, and delete Custom roles - assign roles to users - view Audit information log | |
Read | Global | View Sync log | |
Read, Write | Global | View, create, edit, and delete application servers |
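
The delegation rule stated in this section (a Role can be delegated only when all of its permissions are Localized) can be checked mechanically when reviewing a custom role design. The following is an added example, not code from 1E or its SDK: the securable names are placeholders, the catalogue is constructed from three rows of the table above, and treating an empty role as non-delegable is an assumption.

```python
from dataclasses import dataclass

LOCALIZED, GLOBAL = "Localized", "Global"

# Constructed catalogue. Securable names are placeholders (not product names);
# the operation sets and remits are copied from three rows of the table above.
CATALOGUE = {
    "placeholder-instructions": (
        {"Actioner", "Approver", "Questioner", "Viewer"}, LOCALIZED),
    "placeholder-policy-assignment": ({"Assign"}, LOCALIZED),
    "placeholder-schedules": ({"Delete", "Read", "Write"}, GLOBAL),
}


@dataclass(frozen=True)
class Permission:
    """One or more Operations granted on a single Securable."""
    securable: str
    operations: frozenset


def review_role(permissions, catalogue=CATALOGUE):
    """Return (delegable, findings) for a proposed role definition.

    A role is reported as delegable only if it has at least one permission,
    every permission is valid, and every securable it touches is Localized.
    """
    findings = []
    if not permissions:
        findings.append("role has no permissions")  # assumption: not delegable
    for perm in permissions:
        if perm.securable not in catalogue:
            findings.append(f"unknown securable: {perm.securable}")
            continue
        allowed, remit = catalogue[perm.securable]
        if not perm.operations:
            findings.append(f"{perm.securable}: no operations granted")
        extra = perm.operations - allowed
        if extra:
            findings.append(
                f"{perm.securable}: unsupported operations {sorted(extra)}")
        if remit == GLOBAL:
            findings.append(
                f"{perm.securable}: Global remit, role cannot be delegated")
    return (not findings), findings
```

Running this over a proposed role before creating it shows whether adding a single Global permission would silently turn a delegable role into a non-delegable one.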