Understanding console rights

Console rights provide access to specific Management Suite tools and features. Users must have the necessary rights to perform corresponding tasks. For example, in order to remote control devices in their scope, a user must be part of a group that has the remote control right.

Role-based administration includes the following permissions:

• Management Suite Administrator
• Agent configuration
• Alerting
• Basic Web console
• Core synchronization
• Custom data forms
• Device management
• Add or delete devices
  • Device monitoring
  • Device power control
  • Manage local users and groups
  • Manage public device groups
  • Unmanaged device discovery
• Thin client
• Link management
• OS deployment-Provisioning
• Power management
• Public query management
• Refresh scopes
• Remote control tools
  • Chat
  • Execute programs
  • Reboot
  • Remote control
  • Transfer files
• Endpoint security
  • Network access control
  • Patch and compliance
  • Security configurations
• Software distribution
  • Delivery methods
  • Directory management
  • Distribution packages
  • Manage scripts
• Software licensing
• User administration

See the descriptions below to learn more about each permission and how permissions can be used to create administrative roles.

NOTE: Scope controls access to devices

Keep in mind that when using the features allowed by these permissions, users will always be limited by their scope (the devices they can see and manipulate).

Management Suite Administrator

The Management Suite Administrator permission provides full access to all of the application tools (however, use of these tools is still limited to the devices included in the administrator's scope).

The Management Suite Administrator permission provides users the ability to:

• Manage users with the Users tool.
• See and configure product licensing in the Configure menu.
• Configure LANDesk services.
• IMPORTANT: Perform ALL of the Management Suite tasks allowed by the other permissions.

Agent configuration

• No rights: Can’t see the tool.
• View: Can see this tool and can view anything. Can’t change anything.
• Edit: Can see and change anything. Can’t deploy an agent configuration job.
• Deploy: Can see everything. Can’t change anything. Can schedule any agent configuration task that they can see (including public).
• Edit public: Can assign configurations to public. Can edit public configurations.

Alerting

• No rights: Can’t see the tool.
• View: Can see this tool and can view anything. Can’t change anything.
• Edit: Can see and change anything. Can’t deploy.
• Deploy: Can see everything. Can’t change anything. Can deploy.

Basic Web console

• No rights: Can’t log into Web console.
• View: Not applicable.
• Edit: Can log into Web console and see the most basic things.
• Deploy: Not applicable.

Core synchronization

• No rights: No core synchronization tool. No right-click options to Autosync or Copy to core. Still show import and export options. (These are tied into the "Edit" right for the tool that has these options.)
• View: Can see the tool, but can't make any changes. Still no synchronization options in context menus as above.
• Edit: Can do everything. Add/remove target cores, turn components on and off, enable auto sync on instances, and manual sync.
• Deploy: Not applicable.

Custom data forms

• No rights: Can’t see the tool.
• View: Can see this tool and can view anything. Can’t change anything.
• Edit: Can see and change anything. Can’t deploy.
• Deploy: Can see everything. Can’t change anything. Can deploy.

Device management

Add / Delete devices

• No rights:
  • Can’t see the Insert new computer option in the context menu when viewing All devices in the Network view.
  • Can’t see the Delete option in the context menu when selecting a device in the Network view.
  • Can’t see the Network view > Configuration > User added computers tree node.
• View: Not applicable.
• Edit:
  • Can see and use the Insert new computer option in the context menu when viewing All devices in the Network view.
  • Can see and use the Delete option in the context menu when selecting a device in the Network view.
  • Can see the Network view > Configuration > User added computers tree node.
• Deploy: Not applicable.

Manage public device groups

• No rights: Can’t change anything in Public devices.
• View: Not applicable.
• Edit: Not applicable.
• Deploy: Not applicable.
• Edit Public: Can create, delete and change device groups in Public devices. Can move a device group into Public devices.

Unmanaged device discovery

• No rights: Can’t see the UDD tool.
• View: Can open the UDD tool and view any item. Can’t create/delete/edit anything.
• Edit: Can open the UDD tool and view any item. Can create/delete/edit anything.
• Deploy: Can open the UDD tool and view any item. Can’t create/delete/edit anything. Can schedule a UDD task.

Device monitoring

• No rights: Can’t see Device monitoring from the Configure menu.
• View: Can see the Alerting tool and Logs tool. Can see information in the Device monitoring tool. Can't edit it.
• Edit: Can see the Alerting tool and Logs tool. Can see and edit information in the Device monitoring tool.
• Deploy: Not applicable.

Wake/Reboot/Shutdown

• Edit: Can see and use Wake up, Reboot and Shutdown options in the context menu when selecting a device.

Manage local users and groups

• Edit: Can see and use Manage local users and groups in the context menu when selecting a device.

Handheld

• No rights: Can’t see the handheld tools.
• View: Can see the handheld tools. Can’t change anything.
• Edit: Can create, edit and delete items. Can't schedule a job.
• Deploy: Can't create, edit and delete items. Can schedule a job. Can use the Handheld task button in the Scheduled tasks tool.

Launchpad

• No rights: Can’t see the Launchpad tool.
• View: Can see the tool. Can’t change anything.
• Edit: Can create, edit, and delete items. Can't schedule a task/policy.
• Deploy: Can't create, edit, and delete items. Can schedule a task/policy.

OS Deployment / Provisioning

• No rights: Can’t see the OS Deployment tool.
• View: Can see the tool. Can’t change anything.
• Edit: Can create, edit and delete items. Can't schedule tasks.
• Deploy: Can schedule tasks for items that they can see (including public). Can't create, edit and delete items.
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Power management

• No rights: Can’t see the Power Management tool.
• View: Can see the tool. Can’t change anything.
• Edit: Can create, edit and delete items. Can't schedule tasks.
• Deploy: Can schedule tasks for items that they can see (including public). Can't create, edit and delete items.
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Public query management

• No rights: Regular behavior.
• View: Not applicable.
• Edit: Not applicable.
• Deploy: Not applicable.
• Edit Public: Can move queries to the Public folder. Can create, edit or delete queries in the Public folder.

Refresh scopes

No rights: The Network view's Refresh scopes toolbar button doesn't do anything.

Edit: The Network view's Refresh scopes toolbar button updates all scopes. Use this when you've added devices to a scope or changed a user's scope and you want that user to see the new scope. Otherwise the scope refresh can wait up to an hour before it occurs automatically.

Remote control tools

Remote control

• No rights: Can’t see the Remote control > Remote control option in the context menu.
• View: Can see the Remote control > Remote control option and can remote control a device. Can’t take control of the device (view only).
• Edit: Can see the Remote control > Remote control option and can remote control and take control of a device.
• Deploy: Not applicable.

Execute programs

• Edit: Can see the Remote control > Execute program option and can use it. The Execute program option is enabled in the Remote control window.

Transfer files

• Edit: Can see the Remote control > Transfer files option and can use it. The Transfer files option is enabled in the Remote control window.

Chat

• Edit: Can see the Remote control > Chat option and can use it. The Chat option is enabled in the Remote control window.

Reboot

• Edit: Can see the Remote control > Reboot option and can use it. The Reboot option is enabled in the Remote control window.

Security

Patch and compliance

• No rights: Can’t see the tool. Can’t see any scheduled tasks or policies in software distribution that are created from the tool.
• View: Can see the tool. Can see everything inside. Can't download content, create/edit/delete configurations, or change anything. Access is read-only.
• Edit: Can see the tool. Can see everything inside. Can edit anything. Can’t schedule anything, including: content downloads, scan jobs, repair jobs, gather history, etc.
• Deploy: Can see the tool. Can see everything inside. Can't modify anything, but can create a task or policy using the information there for items that they can see (including public).
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Security configurations

• No rights: Can’t see the tool. Can’t see any scheduled tasks or policies in the Scheduled tasks window that are created from this tool.
• View: Can see this tool and the Security Activities tool. Can look at but not change any configurations or create any tasks.
• Edit: Can see the tool and the Security Activities tool. Can see everything inside. Can edit anything. Can’t schedule anything.
• Deploy: Can see the tool and the Security Activities tool. Can see everything inside. Can't modify anything, but can create a task or policy to deploy this to a client or change its configuration for items that they can see (including public).
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Network access control

• No rights: Can’t see the tool.
• View: Can see this tool and can view anything (such as the 802.1x configuration). Can’t change anything.
• Edit: Can see and change anything, including publishing NAC settings.
• Deploy: Not applicable.

Software distribution

Delivery methods

• View: Can see the tool and everything in it.
• Edit: Can create/edit/delete methods.
• Deploy: Not applicable.
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Distribution packages

• View: Can see the tool and everything in it.
• Edit: Can create/edit/delete packages.
• Deploy:
  • Can deploy a package in the distribution package tool.
  • Can use the Create software distribution task button in the Scheduled tasks tool.
  • Can use the Create custom script task button in the Scheduled tasks tool.
  • This applies to all items that they can see (including public).
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Directory manager

• View: Can see the tool and everything in it (assuming someone has authenticated already).
• Edit: Can authenticate to a new directory and can see everything and can create/edit/delete queries.
• Deploy: Not applicable.

Manage scripts

• View: Can see this tool and can view anything. Can’t change anything.
• Edit: Can see and change anything. Can’t schedule a task.
• Deploy: Can schedule tasks for items that they can see (including Public). Can't create, edit and delete items.
• Edit Public: Can move items to the Public folder. Can create, edit or delete items in the Public folder.

Scheduled tasks

• If someone has "Deploy" rights for a tool that uses tasks that can be scheduled, they can see the scheduled task tool.
• If someone has "Deploy" rights they have rights to modify any part of the type of task that they have "Deploy" rights for (for example, agent configuration, software distribution, Patch, etc.).
• If someone has "Deploy" rights, they can change only the Target and the Schedule panes of a Public task.
• If someone has "Deploy" rights and "Edit Public" rights, they can make any changes to Public tasks and can move tasks to and from the Public folder.
• If someone has "Edit Public" rights but not "Deploy" rights, they can't edit any task of that type, including Public tasks.

Software license monitoring

• No rights: Can’t see the Software license monitoring tool.
• View: Can see everything. Can’t change anything.
• Edit: Can see and edit anything.
• Deploy: Not applicable.

User administration

• No rights: Can’t see the Users tool.
• View: Can see everything. Can’t change anything.
• Edit: Not applicable.
• Deploy: Not applicable.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@systemmanager.forsenergy.ru to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.