yemartin

My feedback

  1. 93 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    17 comments  ·  Suggestions  ·  Flag idea as inappropriate…  ·  Admin →

    Admin configuration permissions are now more granular, allowing for configuration of just profiles, devices, enrollments, or other aspects of SimpleMDM.

    This ticket will remain open as some of the requests related to permission scoped to individual devices or device groups.

    An error occurred while saving the comment
    yemartin commented  · 

    (or create a new permission for it)

    Right now the set of permissions does not work for our use case, which I believe should be quite common:

    1) One set of people (our engineers) creates the various configs, profiles, groups, and define custom attributes. These guys need access to the "Configs", "Apps" and "Devices" sections. On "Devices", they are mostly interested in creating Groups.

    2) A separate set of people (IT support staff) deals with actually deploying the devices. These people need only access to the "Devices" tabs. But they needs access not only to the "Device actions", but also to the per-device settings, in particular, custom attributes.

    The problem is that now, there is no permission that fits our support staff role: The "Allow device actions" is not enough since this does not allow the setting of per-device custom attributes. But "Allow configuration changes" is too much, as it allows modifying "Configs". This is particularly bad because there is no audit trails of who changed what, and when, so we need to restrict access to modifying Configs.

    yemartin supported this idea  · 

Feedback and Knowledge Base