Console rights provide access to specific Management Suite tools and
features. Users must have the necessary rights to perform
corresponding tasks. For example, in order to remote control
devices in their scope, a user must be part of a group that has the
remote control right.
Role-based administration includes the following
permissions:
Management
Suite Administrator
Agent configuration
Alerting
Basic Web console
Core synchronization
Custom data forms
Device management
Add or delete devices
Device monitoring
Device power control
Manage local users and groups
Manage public device groups
Unmanaged device discovery
Thin client
Link management
OS deployment-Provisioning
Power management
Public query management
Refresh scopes
Remote control tools
Chat
Execute programs
Reboot
Remote control
Transfer files
Endpoint security
Network access control
Patch and compliance
Security configurations
Software distribution
Delivery methods
Directory management
Distribution packages
Manage scripts
Software licensing
User administration
See the descriptions below to learn more about each permission
and how permissions can be used to create administrative roles.
NOTE:Scope
controls access to devices
Keep in mind that when using the features allowed by these
permissions, users will always be limited by their scope (the
devices they can see and manipulate).
Management Suite
Administrator
The Management Suite
Administrator permission provides full access to all of the
application tools (however, use of these tools is still limited to
the devices included in the administrator's scope).
The Management Suite
Administrator permission provides users the ability to:
Manage users with the Users tool.
See and configure product licensing in the
Configure menu.
Configure LANDesk services.
IMPORTANT: Perform ALL of the Management Suite tasks allowed by
the other permissions.
Agent configuration
No rights: Can’t see the tool.
View: Can see this tool and can view anything. Can’t
change anything.
Edit: Can see and change anything. Can’t deploy an
agent configuration job.
Deploy: Can see everything. Can’t change anything.
Can schedule any agent configuration task that they can see
(including public).
Edit public: Can assign configurations to public. Can
edit public configurations.
Alerting
No rights: Can’t see the tool.
View: Can see this tool and can view anything. Can’t
change anything.
Edit: Can see and change anything. Can’t deploy.
Deploy: Can see everything. Can’t change anything.
Can deploy.
Basic Web console
No rights: Can’t log into Web console.
View: Not applicable.
Edit: Can log into Web console and see the most basic
things.
Deploy: Not applicable.
Core synchronization
No rights: No core synchronization tool. No
right-click options to Autosync or Copy to core.
Still show import and export options. (These are tied into the
"Edit" right for the tool that has these options.)
View: Can see the tool, but can't make any changes.
Still no synchronization options in context menus as above.
Edit: Can do everything. Add/remove target cores,
turn components on and off, enable auto sync on instances, and
manual sync.
Deploy: Not applicable.
Custom data forms
No rights: Can’t see the tool.
View: Can see this tool and can view anything. Can’t
change anything.
Edit: Can see and change anything. Can’t deploy.
Deploy: Can see everything. Can’t change anything.
Can deploy.
Device management
Add / Delete devices
No rights:
Can’t see the Insert new computer option in
the context menu when viewing All devices in the Network
view.
Can’t see the Delete option in the context
menu when selecting a device in the Network view.
Can’t see the Network view > Configuration >
User added computers tree node.
View: Not applicable.
Edit:
Can see and use the Insert new computer option
in the context menu when viewing All devices in the
Network view.
Can see and use the Delete option in the
context menu when selecting a device in the Network
view.
Can see the Network view > Configuration >
User added computers tree node.
Deploy: Not applicable.
Manage public device groups
No rights: Can’t change anything in Public
devices.
View: Not applicable.
Edit: Not applicable.
Deploy: Not applicable.
Edit Public: Can create, delete and change device
groups in Public devices. Can move a device group into
Public devices.
Unmanaged device discovery
No rights: Can’t see the UDD tool.
View: Can open the UDD tool and view any item. Can’t
create/delete/edit anything.
Edit: Can open the UDD tool and view any item. Can
create/delete/edit anything.
Deploy: Can open the UDD tool and view any item.
Can’t create/delete/edit anything. Can schedule a UDD task.
Device monitoring
No rights: Can’t see Device monitoring from
the Configure menu.
View: Can see the Alerting tool and Logs tool. Can
see information in the Device monitoring tool. Can't edit it.
Edit: Can see the Alerting tool and Logs tool. Can
see and edit information in the Device monitoring tool.
Deploy: Not applicable.
Wake/Reboot/Shutdown
Edit: Can see and use Wake up, Reboot
and Shutdown options in the context menu when selecting a
device.
Manage local users and groups
Edit: Can see and use Manage local users and
groups in the context menu when selecting a device.
Handheld
No rights: Can’t see the handheld tools.
View: Can see the handheld tools. Can’t change
anything.
Edit: Can create, edit and delete items. Can't
schedule a job.
Deploy: Can't create, edit and delete items. Can
schedule a job. Can use the Handheld task button in the
Scheduled tasks tool.
Launchpad
No rights: Can’t see the Launchpad tool.
View: Can see the tool. Can’t change anything.
Edit: Can create, edit, and delete items. Can't
schedule a task/policy.
Deploy: Can't create, edit, and delete items. Can
schedule a task/policy.
OS Deployment / Provisioning
No rights: Can’t see the OS Deployment tool.
View: Can see the tool. Can’t change anything.
Edit: Can create, edit and delete items. Can't
schedule tasks.
Deploy: Can schedule tasks for items that they can
see (including public). Can't create, edit and delete items.
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Power management
No rights: Can’t see the Power Management tool.
View: Can see the tool. Can’t change anything.
Edit: Can create, edit and delete items. Can't
schedule tasks.
Deploy: Can schedule tasks for items that they can
see (including public). Can't create, edit and delete items.
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Public query management
No rights: Regular behavior.
View: Not applicable.
Edit: Not applicable.
Deploy: Not applicable.
Edit Public: Can move queries to the Public folder.
Can create, edit or delete queries in the Public folder.
Refresh scopes
No rights: The Network view's Refresh scopes
toolbar button doesn't do anything.
Edit: The Network view's Refresh scopes toolbar
button updates all scopes. Use this when you've added devices to a
scope or changed a user's scope and you want that user to see the
new scope. Otherwise the scope refresh can wait up to an hour
before it occurs automatically.
Remote control tools
Remote control
No rights: Can’t see the Remote control >
Remote control option in the context menu.
View: Can see the Remote control > Remote
control option and can remote control a device. Can’t take
control of the device (view only).
Edit: Can see the Remote control > Remote
control option and can remote control and take control of a
device.
Deploy: Not applicable.
Execute programs
Edit: Can see the Remote control > Execute
program option and can use it. The Execute program
option is enabled in the Remote control window.
Transfer files
Edit: Can see the Remote control > Transfer
files option and can use it. The Transfer files option
is enabled in the Remote control window.
Chat
Edit: Can see the Remote control > Chat
option and can use it. The Chat option is enabled in the
Remote control window.
Reboot
Edit: Can see the Remote control > Reboot
option and can use it. The Reboot option is enabled in the
Remote control window.
Security
Patch and compliance
No rights: Can’t see the tool. Can’t see any
scheduled tasks or policies in software distribution that are
created from the tool.
View: Can see the tool. Can see everything inside.
Can't download content, create/edit/delete configurations, or
change anything. Access is read-only.
Edit: Can see the tool. Can see everything inside.
Can edit anything. Can’t schedule anything, including: content
downloads, scan jobs, repair jobs, gather history, etc.
Deploy: Can see the tool. Can see everything inside.
Can't modify anything, but can create a task or policy using the
information there for items that they can see (including
public).
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Security configurations
No rights: Can’t see the tool. Can’t see any
scheduled tasks or policies in the Scheduled tasks window that are
created from this tool.
View: Can see this tool and the Security Activities
tool. Can look at but not change any configurations or create any
tasks.
Edit: Can see the tool and the Security Activities
tool. Can see everything inside. Can edit anything. Can’t schedule
anything.
Deploy: Can see the tool and the Security Activities
tool. Can see everything inside. Can't modify anything, but can
create a task or policy to deploy this to a client or change its
configuration for items that they can see (including public).
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Network access control
No rights: Can’t see the tool.
View: Can see this tool and can view anything (such
as the 802.1x configuration). Can’t change anything.
Edit: Can see and change anything, including
publishing NAC settings.
Deploy: Not applicable.
Software distribution
Delivery methods
View: Can see the tool and everything in it.
Edit: Can create/edit/delete methods.
Deploy: Not applicable.
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Distribution packages
View: Can see the tool and everything in it.
Edit: Can create/edit/delete packages.
Deploy:
Can deploy a package in the distribution package
tool.
Can use the Create software distribution task
button in the Scheduled tasks tool.
Can use the Create custom script task button
in the Scheduled tasks tool.
This applies to all items that they can see
(including public).
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Directory manager
View: Can see the tool and everything in it (assuming
someone has authenticated already).
Edit: Can authenticate to a new directory and can see
everything and can create/edit/delete queries.
Deploy: Not applicable.
Manage scripts
View: Can see this tool and can view anything. Can’t
change anything.
Edit: Can see and change anything. Can’t schedule a
task.
Deploy: Can schedule tasks for items that they can
see (including Public). Can't create, edit and delete items.
Edit Public: Can move items to the Public folder. Can
create, edit or delete items in the Public folder.
Scheduled tasks
If someone has "Deploy" rights for a tool that uses
tasks that can be scheduled, they can see the scheduled task
tool.
If someone has "Deploy" rights they have rights to
modify any part of the type of task that they have "Deploy" rights
for (for example, agent configuration, software distribution,
Patch, etc.).
If someone has "Deploy" rights, they can change only
the Target and the Schedule panes of a Public
task.
If someone has "Deploy" rights and "Edit Public"
rights, they can make any changes to Public tasks and can move
tasks to and from the Public folder.
If someone has "Edit Public" rights but not "Deploy"
rights, they can't edit any task of that type, including Public
tasks.
Software license monitoring
No rights: Can’t see the Software license monitoring
tool.