The WebUI Permissions Service

Use the WebUI Permissions service to control the amount of content operators can deploy, and the number of devices they can deploy to or query, at one time.

You can also use the Permissions service to grant unlimited targeting permissions to a role. The service will provide increasingly fine-grained control over permissions and preferences in WebUI applications. You can also grant permissions to non-master operator roles to perform various actions in patch policies. Open the Permissions service from the Settings menu.

Image of the Settings drop down menu showing the Permissions Service.
Global Permissions in WebUI Permissions service apply only to non-master operators. Master operators have full access to all WebUI application.
Important: For the below scenarios, two non-master operator roles and one master operator role is taken into account.
  1. When Patch Policies check box of Global Permissions is selected, the non-master operator roles will inherit the access to Patch Policies app from Global Permissions and master operator role will have full access to all WebUI applications by default.
  2. When Patch Policies check box of Global Permissions is not selected, the non-master operator roles will not have access to Patch Policies app and master operator role will have full access to all WebUI applications by default.
  3. When Patch Policies check box of Global Permissions is not selected, the non-master operator roles can still be granted access to Patch Policies app by selecting the patch policies check boxes of the roles manually, and master operator role will have full access to all WebUI applications by default.

Click Global Permissions to edit global target maximums and global patch policies permissions. In the Deployments tab, the administrator can set the content target limit and device limit for all non-master operators. Non-master operators cannot exceed the established limits. In case of violations, their deployment and query activities will be suspended until they fall within the acceptable range. Global target maximums apply to all non-master operators except the members of a role that has been granted unlimited target permissions. In the Patch Policies tab, the administrator can grant permissions which allow non-master operators to perform different actions.

When certain patch policy check box in Patch Policies tab is selected, other patch policies check boxes will be auto selected and disabled. This is due to permission dependencies on each other.
  1. When Delete Policy permission is granted, non-master operators will also have permissions to Create/ Edit Policy, Delete Schedule, Create/ Edit Schedule, Add/ Remove Your Own Targets and Remove Other Operator's Targets.
  2. When Create/ Edit Policy permission is granted, non-master operators will also have permission to Refresh Policy.
  3. When Delete Schedule permission is granted, non-master operators will also have permissions to Create/ Edit Schedule, Add/ Remove Your Own Targets and Remove Other Operator's Targets.
Click a role to edit role specific permissions:
  • In the Deployments tab, administrator can set the content target limit and device limit for the selected role. Operators cannot exceed the established limits. In case of violations, their deployment and query activities are suspended until they fall within the acceptable range.
  • In the Patch Policies tab, administrator can grant permissions which allow specific role to perform different actions.
    Note: The Patch Policies tab is visible only if the selected role has permission to access the Patch Policies app.
Important: The effective permissions for a role are the least restrictive of the global permissions and role permissions.
Example: Content Target Limit
The global permission is set to 5 and the role permission to 8 for Content Target Limit. The least restrictive of the global permission and role permission is 8. The effective permission is set to 8 as it is the least restrictive.
In case the Unlimited check box is selected, the effective permissions is set to unlimited.
Example: Patch Policies
Activate/ Suspend Policy check box is not selected for global permission and selected for role permission. The least restrictive of the global permission and role permission in this case would be to allow operators in this role to Activate/ Suspend Policy.