Views:
User roles and capabilities give users permissions to perform specific actions within the SMS. A capability is an ability to affect an object in the system; for example, the ability to add a device. A role is a collection of capabilities.
The SMS uses three predefined roles: SuperUser, Admin, and Operator. You cannot modify predefined system roles, but you can use them as starting points to initialize new roles. When you create a role, you can select a base system role from which to initialize the new role. The new role is given the same capabilities as the system role it is initialized from, until you customize the capabilities. The SuperUser role includes all Admin and Operator capabilities.
You can create new roles to expand or limit the capabilities of existing roles or to target a specific set of capabilities for a group of SMS users. You can further control the access rights and capabilities of users through Groups, but you cannot delete a role when it is in use by a Resource Group. Learn more: Create or edit a user group.

Procedure

  1. Select AdminAuthentication and AuthorizationRoles.
  2. Click New, or select an existing role and click Edit.
    Note
    Note
    When you edit a user role, you can change the base system role that the SMS uses to determine what to do during an SMS upgrade. For example, if you created a user role based on the Admin system role, but you do not want this role automatically updated with new Admin role capabilities during an upgrade, you can change the value for the Upgrade As field to “None.”
    You can copy a system role by selecting it in the User Roles list and clicking Save As.
  3. Select Name & Description, and provide the following:
    • Role name
    • Role description
    • Initialize from system role – SuperUser, Admin, Operator, or None (no capabilities are preselected).
  4. Select Capabilities, select a functional area on the SMS (Events, Reports, Profiles, Responder, Devices, or Admin), and then select the capabilities you want to assign to the role using the following options:
    • Global capabilities for a functional area: Select the top-level list item, so that a checkmark appears to the left of every capability in the list.
    • Group capabilities: Select a parent list item, so that a checkmark appears to the left of every capability under that parent.
    • Named capabilities: Select an individual named capability from the list. If you select a single capability, consider that one capability may depend on others for full access rights to complete a task. Capabilities are listed hierarchically in groups; child capabilities are required for that particular group function.
  5. Click Finish.
    If a user role was initialized from a system role, the specified system role determines how the user role is affected during an SMS upgrade. Capabilities that were added for a new SMS release are added to this role based on the system role specified.