Roles and Scopes

• 2 min to read •

Console user accounts can be set up with limited rights with regards to specific features (Custom User).

Scopes control which devices a user account can see. Scopes are controlled by assigning a Syxsense Device Group.

Roles restrict what a user can do: the features of Syxsense they have access to. Once a role is created it can be reused by multiple user accounts. 

In addition to the existing assigned permissions, you may restrict or allow access to the following:

  • Devices: Modify Sites, Archive/delete devices, Remove Agent, Add Device menu, Custom Fields and Data Export
  • Vulnerabilities: View Patch Manager, View Security Manager
  • Tasks: Office 365 and Maintenance Windows
  • Device Tools: Each tool is an individual assignment. File Browser, device Quarantine, Event Viewer, Process Viewer, WMI Explorer, Log Viewer, Remote Registry, and Powershell
  • General: Edit and create dashboards, Applications, Settings

Prerequisites 

An account that has 'Admin' permissions

Discovery: What's here?Discovery: What's here?

Device Permissions

Settings in this area will allow or deny access to the following:

  • Use of Remote Control
  • Configuration of Column Sets
  • Device Tools (Remote Tools)
  • Management of Device
  • Groups Management of Device Queries
  • Move devices between Sites  
Vulnerabilities (Patch Manager) Permissions

Settings in this area will allow or deny access to the following:

  • Vulnerabilities (Patch Manager)
  • Management of Patch Groups only
  • Management of Patch Queries only
Task Permissions

Settings in this area will allow or deny access to the following:

  • Use of Device Discovery Tasks
  • Use of Patch Scan Tasks
  • Use of Patch Deployment Tasks
  • Use of Software Deployment Tasks
  • Use of Feature Update Tasks
  • Use of Reboot Tasks
  • Use of the Wake-on-LAN feature
General Permissions

Settings in this area will allow or deny access to the following:

  • Reports
  • User Accounts
  • Console Admin (Remote Access)
  • Alerting

Guided walk-through: How to Delegate User Role and Device ScopeGuided walk-through: How to Delegate User Role and Device Scope

To create the device scope (the devices a particular user will only have access to), a device group must first be created: 

Create a device Group > Add the intended device to the device group  Drop-down TitleDrop-down Title

To assign a user to a device scope and role:

In the 'Console Security' section create a new user or edit an existing one.

Enter Login Details ①

Specify additional security options ②

In the Security Context (Restricted Actions and Permissions) section, click 'Assign' ③Drop-down TitleDrop-down Title

Specify Roles and Scopes by selecting them from the drop-down lists in the corresponding fields. 

Name the Security Context if it is new.

You can create unique combinations of roles and scopes to reuse, manage, and update centrally. They will be available in Security Context tab.Drop-down TitleDrop-down Title

Save the changes

 Devices which are added to the Device Group which is linked to a Scope, are immediately available for users when using this Scope.

Video Tutorial: How to Add Roles and ScopesVideo Tutorial: How to Add Roles and Scopes

Watch an example of creating new Roles and Scopes  Video

Last Update: Mar 12, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved