Introducing Roles

Roles provide a powerful tool to help you organize and grant complex permissions.

Like groups, roles can have various members defined, but each role includes implicit permissions.

You may have already assigned permissions to your console operators, so when you also assign a role to that user you will effectively expand their permissions. When permissions conflict, the highest level will be selected.

To view the available roles, select All Content from the domain panel and select the node labeled Roles. From the list that appears, select the computers, operators, groups and sites that you want to associate with the role.

In a BigFix Distributed Server Architecture (DSA) environment, where multiple servers are installed, you can perform actions related to roles only on primary servers. When on a secondary server, you cannot create, modify, or delete roles. Any attempt to perform these actions is prevented and you get the following error message:
This operation requires a role change that can be performed only on the main server.