Understanding console rights

Console rights provide access to specific Management Suite tools and features. Users must have the necessary rights to perform corresponding tasks. For example, in order to remote control devices in their scope, a user must be part of a group that has the remote control right.

Role-based administration includes the following permissions:

See the descriptions below to learn more about each permission and how permissions can be used to create administrative roles.

NOTE: Scope controls access to devices

Keep in mind that when using the features allowed by these permissions, users will always be limited by their scope (the devices they can see and manipulate).

Management Suite Administrator

The Management Suite Administrator permission provides full access to all of the application tools (however, use of these tools is still limited to the devices included in the administrator's scope).

The Management Suite Administrator permission provides users the ability to:

Agent configuration


Basic Web console

Core synchronization

Custom data forms

Device management

Add / Delete devices
Manage public device groups
Unmanaged device discovery
Device monitoring
Manage local users and groups



OS Deployment / Provisioning

Power management

Public query management

Refresh scopes

No rights: The Network view's Refresh scopes toolbar button doesn't do anything.

Edit: The Network view's Refresh scopes toolbar button updates all scopes. Use this when you've added devices to a scope or changed a user's scope and you want that user to see the new scope. Otherwise the scope refresh can wait up to an hour before it occurs automatically.

Remote control tools

Remote control
Execute programs
Transfer files


Patch and compliance
Security configurations
Network access control

Software distribution

Delivery methods
Distribution packages
Directory manager
Manage scripts
Scheduled tasks
Software license monitoring
User administration