Requesting Custom Roles – Esper Help

This feature is available for Blueprints and Templates.

Note: This feature is currently in beta. The Esper Team will reach out to you if you are selected for the beta.

You may have use cases that go beyond Esper’s standard roles. With Custom Roles, also known as RBAC (Role Based Access Control), you can now set up read and write permissions for a variety of Esper features.

By default, a wide array of permissions are available for the built-in Enterprise Admin role. With Custom Roles, you can restrict Console and Device permissions beyond what’s currently available to meet you and your organization’s needs.

Requirements

You’ll need to be an Enterprise Administrator to request a Custom Role.
You’ll need to be on Esper Single Sign-On, the new authentication system.

In this article:

Requesting a Custom Role
Assigning the Custom Role
Custom Role Examples

Requesting a Custom Role

Enterprise Admin can create Custom Roles and assign them when they invite users.

Step 1 Request a Custom Role

To get started, navigate to your profile and select User Management.

User_Management_highlighted_in_the_profile_dropdown.png

Then select Request custom role.

You’ll be redirected to a form. Enter your registered Esper tenant email address and tenant information. Then, name the Custom Role. In this example, we’ll be creating a Support Technician role who will be able to view device information and perform basic troubleshooting.

email_tenant_name_and_role_name_entered._role_is_support_technician..png

Request are made on a tenant-by-tenant basis.

Step 2 Select Permissions for the Console

Now, assign view permissions for Custom Features. Leave checked if you want to enable this feature in the Console. If unchecked, the user won’t be able to view these features.

reports__alerts__provisioning_templates__and_compliance_policy_are_checked.png

In this case, this role will be able to view Reports, Alerts, Provisioning Templates, and Compliance Policies. Even if these permissions are enabled, the user won’t have the ability to create, edit, or delete anything for these features since this section of the form only applies to Read-Only permissions.

Other features–such as Pipelines, Geofence, and App Management–will be hidden for this role.

Step 3 Select Permissions for the Device

The next section relates to Device permissions. Refer to Device Settings for a description of these functions. If enabled, a user will be able to perform these actions on a device.

We’d like the user to be able to do basic commands such as reboot a device or ping it to see if it’s reachable. They won’t be able to perform other functions, such as change the branding on it or select its Wi-Fi access point.

Next, select what users will be able to do with regard to app management.

We don’t want these users to interact with Apps in any way, so we’ve left them all unchecked.

Finally, select how this user will interact with device logs, graphs, event feeds, and the remote viewer. If left checked, they’ll be able to view data and initiate remote viewer sessions.

additional_console_features._everything_is_checked..png

Since this is a Support role, we want this user to be able to interact with logs, data, and the viewer. We’ve left all of the boxes checked, meaning they’ll be able to interact with all of these features.

(Optional) Provide Feedback to Esper

Is there a permission not listed here? Provide feedback and let us know. Feedback is not the same as enabling or disabling permissions (it won’t affect the role you’re currently creating).

Check Your Email

If you’re invited to the beta, you’ll receive an email from our team. We may also reach out to you for more information.

While this feature is in beta, we unfortunately won’t be able to accommodate all Custom Role requests.

Assigning the Custom Role

Once the requested Custom Role is created by Esper, you can assign it to a new or existing user. In the example below, we will add a new user. After entering an email address, notice our new “Support Technician” role (notated with the Custom badge) is now an option in the Select User’s Role section.

Then, select the role and then press Invite.

Custom Role Examples

Need some ideas on how to create roles? We’ve provided a list of commonly created roles for our custom role. Modify these permissions to suit your needs.

Support Third Party App Developer

Support

For Support personnel, you usually want to grant them permissions to logs and Remote Viewer while restricting other functionality.

Console Features

Device Settings

The user will be able to perform basic tasks, such as performing a reboot or pinging a device to check that it’s online.

App Management Functions

This user shouldn’t need access to Apps, so we’ve disabled all controls related to Apps.

Data and Remote View additional_console_features._everything_is_checked..png

We’ve given full permission for this user to view device data and initiate remote viewer sessions.

Third Party App Developer

If your apps are developed through a third party, you can give these developers partial access to your tenant to manage their apps and deployments.

Console Features

These users will probably want to view the App Management and Pipelines parts of the console, but won’t need access to other parts.

Device Settings

Usually, your third-party app developers won’t need to manage a device. However, if you’ll be sending them a device to test on, you may want to consider giving them access to more settings.

Device Apps

App developers may need to interact with all the app management settings.

Data and Remote View

Consider if the developer will test a device in person or remotely. A remote viewer may help a remote developer, but graphs and logs are useful overall.

Create a Custom Support role to capture a variety of use cases.