Manage user roles (also known as RBAC, Role Based Access Controls) to give them permissions to the entire Console or just a group.
There are four user roles for the Esper Console: Enterprise Administrator, Enterprise Viewer, Group Administrator, and Group Viewer.
When setting up a group, be mindful that each role has different permissions. Enterprise Administrators have the highest level of permissions and can view or change most of the settings. In contrast, a Group Viewer has far fewer permissions. These users need permission to view tasks for the devices and groups.
In the article:
- Enterprise Roles
- Group Roles
Enterprise Roles
Enterprise Admins have access to the entire Console. While Admins can mange features, Viewers may only view these features.
| Feature | Enterprise Admin | Enterprise Viewer |
| Alerts | Read, Write Access | Read access |
| Apps/Play for Work | Read, Write Access | Read access |
| Compliance Policy | Read, Write Access | Read access |
| Dashboard | Read, Write Access | Read access |
| Device views | Read, Write Access | Read access |
| Device Apps | Read, Write Access | Read access |
| Device Compliance Policies | Read, Write Access | Read access |
| Device Capture logs | Read, Write Access | Read access |
| Geofencing | Read, Write Access | Read access |
| Group views | Read, Write Access | Read access |
| Group settings and policies | Read, Write Access | Read access |
| Group apps | Read, Write Access | Read access |
| Group OS updates | Read, Write Access | Read access |
| Pipeline | Read, Write Access | Read access |
| Esper Software updates | Read, Write Access | Read access |
| API key management | Read, Write Access | Read, Write Access |
| Provisioning | Read, Write Access | Read access |
| Reports | Read, Write Access | Read access |
| User management | Read, Write Access | No |
| Company settings | Read, Write Access | No |
Group Roles
Group users will have access to features for specific Groups.
| Feature | Group Admin | Group Viewer |
| Alerts | Read access | Read access |
| Apps/Play for Work | Read access | Read access |
| Compliance Policy | Read access | Read access |
| Dashboard | Read access | Read access(for devices in assigned groups) |
| Device views | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Device Apps | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Device Compliance Policies | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Device Capture logs | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Geofencing | No | No |
| Group views | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Group settings and policies | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Group apps | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Group OS updates | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
| Pipeline | Read access | Read access |
| Esper Software updates | Read access | Read Access |
| API key management | Read, Write Access | Read, Write Access |
| Provisioning | Read,Write access | No |
| Reports | Yes, for devices in assigned groups | No |
| User management | No | No |
| Company settings | No | No |