Assignments page
The Assignments page lets you view and manage current assignments for Tachyon roles, management groups, users and groups, from this page you can:
View all current assignments
Add new assignments
Remove current assignments.
Roles assignments
Roles focus on all Tachyon roles, with the total of their current assignments listed next to each title. To add new assignments to a role, you can click on the role name. This displays that role's current assignments, with an information panel displaying a summary of that role and the securable types associated with that role.
In our example we have a new Tachyon installation with only a few assignments, the one shown in the picture is of the Full Administrator role which is assigned to the group All_Devices_Full_Administrator and is assigned to All Devices. We have used a group to control the assignment instead of an individual user account.
Refer to the Roles page for recommendations about how best to use roles, and for a full list of roles, permissions and if a role is delegatable.
Example Role assignment
In our example, we want to use the delegation feature of Tachyon and use the Group Administrator role to delegate some tasks to a child management group of All Devices called Servers to another administrator.
We'll assign the Group Administrator role to a Universal AD group called Server_Group_Administrator which we have added to Tachyon using the Users and Groups page.
To add the new assignment:
On the Settings→Permissions→Assignments page, we click on the title of the role to configure, in this case Group Administrator this displays the Assignments page focused on that role.
Clicking the plus sign button allows us to add our group, Server_Group_Administrator and the associated management group, Servers.
Once we've selected the group and management group, we click the Save button.
Management Groups assignments
The Management Groups tab focus on the management groups you have set up in your Tachyon installation, with the total of their current assignments listed next to each title. To add new assignments to a management group, you can click on the management group name. This displays that group's current assignments, with an information panel displaying a summary of that role and the assignments that are inherited with that group.
In our example we have a new Tachyon installation with only a few management groups, the one shown in the picture is of All Devices among the assignments is the group All_Devices_Full_Administrator and an inherited assignment Server_Group_Administrator from the management group Servers. We have used groups to control the assignments instead of individual user accounts.
Refer to the Roles page for recommendations about how best to use roles, and for a full list of roles, permissions and if a role is delegatable.
For recommendations about using and creating management groups refer to the Management Groups page and Management Groups - tutorial.
Example Management Group assignment
In our example, we want to use the delegation feature of Tachyon and use the Group Administrator role to delegate some tasks to a child management group of All Devices called Workstations to another administrator.
We'll assign the Group Administrator role to a Universal AD group called Workstation_Group_Administrator which we have added to Tachyon using the Users and Groups page.
To add the new assignment:
On the Settings→Permissions→Assignments page, we click on Management Groups and then the title of the group to configure, in this case Workstations this displays the Assignments page focused on that group.
Clicking the plus sign button allows us to add our group, Workstation_Group_Administrator and the associated delegatable role, Group Administrator.
Once we've selected the group and role, we click the Save button.
Users and Groups assignments
Users and Groups focuses on the users and groups you have set up in your Tachyon installation, with the total of their current assignments listed next to each title. To add new assignments, you can click on the user or group name. This displays that user or group's current assignments, with an information panel displaying a summary of that user or group.
In our example we have a new Tachyon installation with only a few groups and accounts, the one shown in the picture is of All Devices among the potential groups we can assign is the group Sales_Group_Administrator. We have used groups to control the assignments instead of individual user accounts.
Refer to the Users and Groups page for recommendations about how to define users and set their access rights and deactivating or removing Tachyon users or groups.
Refer to the Roles page for recommendations about how best to use roles, and the Roles and Securables page for a full list of roles and permissions.
Example Users and Groups assignment
In our example, we want to use the delegation feature of Tachyon and use the Group Administrator role to delegate some tasks to a child management group of All Devices\Workstations called Sales to another administrator.
We'll assign the Group Administrator role to a Universal AD group called Sales_Group_Administrator which we have added to Tachyon using the Users and Groups page.
To add the new assignment:
On the Settings→Permissions→Assignments page, we click on Users and Groups and then the title of the group to configure, in this case 1ETRN\Sales_Group_Administrator this displays the Assignments page focused on that group.
Clicking the plus sign button allows us to add the Sales management group and the associated role, Group Administrator.
Once we've selected the group and role, we click the Save button.
Using this type of structure, we can mirror the organization we have in our Configuration Manager collections or Active Directory.
Once we have completed assigning our Group Administrator role to our management groups and associated Tachyon groups, we can effectively delegate responsibility for groups of devices. In our example, this is based on department, where we have OUs in AD that represent different business functions and where we use different administrators to manage each department's devices.
This model could easily apply to organizations that have offices in different locations, whether that is in one country or many. Indeed, you could use management groups to manage different types of device or model or just by OS.
