Views:
User roles and capabilities give users permissions to perform specific actions within the SMS. A capability is an ability to affect an object in the system; for example, the ability to add a device. A role is a collection of capabilities.
The SMS has three user roles that grant distinct privileges to different functions on the SMS. The user roles are the operator, admin, and superuser.
  • Operator — Read-only capabilities including running reports/queries, viewing configuration settings, inspection events, and audit data.
  • Admin — Management of basic configuration settings including report management, profile management, and general device management.
  • Superuser — All other system functionality including management of advanced configuration settings, responder configuration, device configuration, and authentication and authorization.
User roles have hierarchical permissions; the admin role has all operator privileges, the superuser role has all admin privileges. You cannot modify predefined system roles, but you can use them as starting points to initialize new roles. When you create a role, you can select a base system role from which to initialize the new role. The new role is given the same capabilities as the system role it is initialized from, until you customize the capabilities.
Related information