Manage user roles (also known as RBAC, Role Based Access Controls) to give them permissions to the entire Console or just a group.
There are four default user roles for the Esper Console: Enterprise Administrator, Enterprise Viewer, Group Administrator, and Group Viewer. It's also possible to create custom roles.
When setting up a user role, be mindful that each role has different permissions. Enterprise Administrators have the highest level of permissions and can view or change most of the settings. In contrast, a Group Viewer has far fewer permissions. These users need permission to view tasks for the devices and groups.
In the article:
Enterprise Roles
Enterprise Admins have access to the entire Console. While admins can mange features, viewers may only view these features.
Feature | Enterprise Admin | Enterprise Viewer |
Alerts | Read, Write Access | Read access |
Apps/Play for Work | Read, Write Access | Read access |
Compliance Policy | Read, Write Access | Read access |
Dashboard | Read, Write Access | Read access |
Device views | Read, Write Access | Read access |
Device Apps | Read, Write Access | Read access |
Device Compliance Policies | Read, Write Access | Read access |
Device Capture logs | Read, Write Access | Read access |
Geofencing | Read, Write Access | Read access |
Group views | Read, Write Access | Read access |
Group settings and policies | Read, Write Access | Read access |
Group apps | Read, Write Access | Read access |
Group OS updates | Read, Write Access | Read access |
Pipeline | Read, Write Access | Read access |
Esper Software updates | Read, Write Access | Read access |
API key management | Read, Write Access | Read, Write Access |
Provisioning | Read, Write Access | Read access |
Reports | Read, Write Access | Read access |
User management | Read, Write Access | No |
Company settings | Read, Write Access | No |
Group Roles
Group users will have access to features for specific device groups.
Feature | Group Admin | Group Viewer |
Alerts | Read access | Read access |
Apps/Play for Work | Read access | Read access |
Compliance Policy | Read access | Read access |
Dashboard | Read access | Read access(for devices in assigned groups) |
Device views | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Device Apps | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Device compliance policies | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Device capture logs | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Geofencing | No | No |
Group views | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Group settings and policies | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Group apps | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Group OS updates | Yes, for devices in assigned groups | Read access(for devices in assigned groups) |
Pipeline | Read access | Read access |
Esper software updates | Read access | Read Access |
API key management | Read, Write Access | Read, Write Access |
Provisioning | Read,Write access | No |
Reports | Yes, for devices in assigned groups | No |
User management | No | No |
Company settings | No | No |