Access Control in Device Intelligence

Access Control in Device Intelligence

You need to log in using your Super Administrator role to manage user access control. When you create a user account, you can assign a user with one or more roles or you can also modify the user settings after you create the user.

Types of user roles and their access controls

Table 9. Types of user roles and their access controls
User RoleRole DefinitionAccess Control Ares
Super AdministratorAccess to all the features
  • Dashboard > Executive
  • Dashboard > Security
  • Dashboard > IT Ops
  • Inventory
  • Inventory > Save search
  • Inventory > Apply tag
  • Inventory > Suggest reclassification
  • Inventory > Report generation
  • Investigate
  • Policy
  • Policy > Create policy
  • Policy > Blocked devices
  • Manage > Scans
  • Manage > Assets
  • Manage > Users
  • Manage > Sites and regions
  • Manage > Tags and groups
  • Manage > Integration
  • Manage >Configuration
  • Reporting > Saved searches
  • Reporting > Reports
  • Reporting > Reclassification requests
Network AdministratorAccess to network features of the product
  • Dashboard > Executive
  • Inventory
  • Inventory > Save search
  • Inventory > Apply tag
  • Inventory > Suggest reclassification
  • Inventory > Report generation
  • Investigate
  • Policy
  • Policy > Create policy
  • Policy > Blocked devices
  • Manage > Scans
  • Manage > Assets
  • Manage > Sites and regions
  • Manage > Tags and groups
  • Manage > Integration
  • Manage >Configuration
  • Reporting > Saved searches
  • Reporting > Reports
Security AdministratorAccess to security features of the product
  • Dashboard > Executive
  • Dashboard > Security
  • Inventory
  • Inventory > Save search
  • Inventory > Apply tag
  • Inventory > Suggest reclassification
  • Inventory > Report generation
  • Investigate
  • Policy
  • Policy > Create policy
  • Policy > Blocked devices
  • Manage > Scans
  • Manage > Assets
  • Manage > Sites and regions
  • Manage > Tags and groups
  • Manage > Integration
  • Manage >Configuration
  • Reporting > Saved searches
  • Reporting > Reports
IT AdministratorAccess to IT features of the product
  • Dashboard > Executive
  • Dashboard > IT Ops
  • Inventory
  • Inventory > Save search
  • Inventory > Apply tag
  • Inventory > Suggest reclassification
  • Inventory > Report generation
  • Investigate
  • Policy
  • Policy > Blocked devices
  • Manage > Scans
  • Manage > Assets
  • Manage > Sites and regions
  • Manage > Tags and groups
  • Manage > Integration
  • Manage >Configuration
  • Reporting > Saved searches
  • Reporting > Reports
Super ReaderAccess to only read in the defined scope
  • Dashboard > Executive
  • Dashboard > Security
  • Dashboard > IT Ops
  • Inventory
  • Inventory > Save search
  • Inventory > Report generation
  • Investigate
  • Policy
  • Policy > Blocked devices
  • Reporting > Saved searches
  • Reporting > Reports


Scope Based Access Control for Users

When creating a user, in addition to the role, you can also assign the scope for the user. The scope is based on sites and regions in Device Intelligence tenants and you can assign one or more sites and regions when creating the user. The Super Administrator and Super Reader roles does not have any scope based restrictions. Only Super Administrator users can provide scope based access control.

Single Sign-On (SSO) Users

For single sign-on (SSO) users who use external identity providers (IdP) such as Okta, Active Directory, etc for authentication, authorization will depend on role mappings. By default, all SSO users will be mapped to the Super Reader role and have access to all the sites. Super Administrator can modify the default role and scope based access control for SSO Users.

Share this Doc

Access Control in Device Intelligence

Or copy link

In this topic ...