Delegated Administration uses three concepts: administrators, roles, and scopes. Permissions are based on an administrator's role and the scope of this role. For example, an administrator might be assigned a Help Desk administrator role where the scope involves responsibility for end-users at one Site only.
For information about creating delegated administrators, see the main Delegated Administration document.
The built-in roles and permissions also determine how administrators use Director:
|Administrator Role||Permissions in Director|
|Full Administrator||Full access to all views and can perform all commands, including shadowing a user's session, enabling maintenance mode, and exporting trends data.|
|Delivery Group Administrator||Full access to all views and can perform all commands, including shadowing a user's session, enabling maintenance mode, and exporting trends data.|
|Read Only Administrator||Can access all views and see all objects in specified scopes as well as global information. Can download reports from HDX channels and can export Trends data using the Export option in the Trends view.
Cannot perform any other commands or change anything in the views.
|Help Desk Administrator||Can access only the Help Desk and User Details views and can view only objects that the administrator is delegated to manage. Can shadow a user's session and perform commands for that user. Can perform maintenance mode operations. Can use power control options for Desktop OS Machines.
Cannot access the Dashboard, Trends, Alerts, or Filters views. Cannot use power control options for Server OS machines.
|Machine Catalog Administrator||No access. This administrator is not supported for Director and cannot view data. This user can access the Machine Details page (Machine-based search).|
|Host Administrator||No access. This administrator is not supported for Director and cannot view data.|
To configure custom roles for Director administrators
In Studio, you can also configure Director-specific, custom roles to more closely match the requirements of your organization and delegate permissions more flexibly. For example, you can restrict the built-in Help Desk administrator role so that this administrator cannot log off sessions.
Alternatively, you can create a custom role by copying an existing role and include additional permissions for different views. For example, you can copy the Help Desk role and include permissions to view the Dashboard or Filters pages.
Select the Director permissions for the custom role, which include:
In this example, Shadowing (Perform Remote Assistance on a machine) is turned off.
In addition, from the list of permissions for other components, consider these permissions: