MDM Permissions

Use the WebUI Permissions service to provide increasingly fine-grained control over permissions and preferences in WebUI MDM.

To go to the Permissions page, as a Master Operator, click the gear icon and select Permissions from the dropdown menu.

A Master Operator can configure two things for MDM with the Permissions and Preferences Services (PPS):
  1. Configure visibility of the MDM app based on the role
    • For example, users with the mdm allow all and mdm custom policy roles can see the MDM application, but users not in those roles do not have access to the MDM application.

  2. Configure specific MDM permissions

    • The Create, Edit, and Delete Non-Custom Policies permission allows users to manipulate the policies that WebUI natively supports (passcode policies, kernel policies, certificate policies, restrictions policies, and full disk access policies).
    • The Create, Edit, and Delete MCM Custom Policies permission allows users to manipulate custom policies that users create on their own.

Permissions in WebUI work just like console permissions in that a user’s permissions are the union of all of their role permissions and global permissions. For example: If a user is part of four different roles and only one of them has access to an MDM-specific permission, that user has access to MDM. If a user is not part of any role that has any MDM-specific permissions, but the Global Permissions of MDM has been set, that user also has access to MDM despite not having access through roles.
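
The union rule above, as an added example for auditing who holds an MDM permission and through which grant. This is not WebUI code: the permission labels, the extra role names, the users and the data layout are assumptions constructed for illustration.

```python
# Added illustration: role and permission names are labels chosen for this
# example, not identifiers exported by WebUI. All data below is constructed.
APP = "see MDM app"
NON_CUSTOM = "create/edit/delete non-custom policies"
CUSTOM = "create/edit/delete custom policies"

ROLE_PERMS = {
    "mdm allow all": {APP, NON_CUSTOM, CUSTOM},
    "mdm custom policy": {APP, CUSTOM},
    "patch operators": set(),
    "helpdesk": set(),
    "reporting": set(),
}
USER_ROLES = {
    "alice": ["patch operators", "helpdesk", "reporting", "mdm custom policy"],
    "bob": ["helpdesk"],
}


def effective(user, global_perms, user_roles=USER_ROLES, role_perms=ROLE_PERMS):
    """Map each permission the user holds to every source that grants it."""
    grants = {perm: ["global"] for perm in global_perms}
    for role in user_roles.get(user, []):
        for perm in role_perms.get(role, set()):
            grants.setdefault(perm, []).append("role:" + role)
    return {perm: sorted(src) for perm, src in grants.items()}


def after_role_removed(user, role, global_perms):
    """Permissions the user still holds once `role` is taken away."""
    trimmed = {user: [r for r in USER_ROLES.get(user, []) if r != role]}
    return effective(user, global_perms, user_roles=trimmed)


if __name__ == "__main__":
    for name in USER_ROLES:
        print(name, effective(name, global_perms={APP}))
    # Removing alice's only MDM role does not hide the app while the
    # global permission is set: the union still contains it.
    print(after_role_removed("alice", "mdm custom policy", {APP}))
```

Because the result is a union with no deny rule, reviewing access means checking every role a user holds plus the global setting; listing the sources per permission shows which grant has to change.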