93 votesAdminSimpleMDM (--------, SimpleMDM) responded
Admin configuration permissions are now more granular, allowing for configuration of just profiles, devices, enrollments, or other aspects of SimpleMDM.
This ticket will remain open as some of the requests related to permission scoped to individual devices or device groups.yemartin commented
(or create a new permission for it)
Right now the set of permissions does not work for our use case, which I believe should be quite common:
1) One set of people (our engineers) creates the various configs, profiles, groups, and define custom attributes. These guys need access to the "Configs", "Apps" and "Devices" sections. On "Devices", they are mostly interested in creating Groups.
2) A separate set of people (IT support staff) deals with actually deploying the devices. These people need only access to the "Devices" tabs. But they needs access not only to the "Device actions", but also to the per-device settings, in particular, custom attributes.
The problem is that now, there is no permission that fits our support staff role: The "Allow device actions" is not enough since this does not allow the setting of per-device custom attributes. But "Allow configuration changes" is too much, as it allows modifying "Configs". This is particularly bad because there is no audit trails of who changed what, and when, so we need to restrict access to modifying Configs.yemartin supported this idea ·