Role-based Access Control (RBAC) Custom Roles
You can create custom roles to control access to all areas of Nerdio Manager. Custom roles define the scope and level of access and can be assigned to users and security groups. Users can access modules in read-only or full-access mode.
To create a custom role:
-
Navigate to RBAC Roles > Definitions .
-
Select Add.
-
Enter the following information:
-
Name: Type the custom role's name.
-
Description: Type a description of the custom role.
-
Modules: Select all the applicable modules and modes.
Module
Modes
Dashboard
-
Read Only
Workspaces
-
Read Only
-
Full Access
-
Manage hosts: Allow users to manage hosts within assigned host pools.
-
Manage assignments: Allow users to manage assignments within assigned host pools.
-
Manage sessions: Allow users to manage sessions within assigned host pools.
-
Manage power state: Allow users to manage the power state of the sessions within assigned host pools.
-
Manage drain mode: Allow users to manage the drain mode of the sessions within assigned host pools.
-
Run scripted actions: Allow users to run scripted actions within assigned host pools.
Desktop Images
- Read Only
-
Full Access
Intune
Global Roles:
- Read Only
-
Full Access
Read Only Roles:
-
Read Devices
-
Read Policies
-
Read Applications and App Policies
-
Read Update Rings and Policies
-
Read Scripts
-
Read BitLocker
-
Read Antivirus
-
Read User Experience
-
Read User Groups
-
Read Device Location
Manage Roles:
- Manage Devices
-
Manage Devices Privileged
- Manage BitLocker
-
Manage Antivirus
-
Manage Device Groups
-
Manage User Groups
-
Manage Locate Device
-
Manage Policies
-
Manage Applications and App Policies
-
Manage Update Rings and Policies
Intune > Windows 365
- Read Only
-
Full Access
App Attach
- Read Only
-
Full Access
UAM > Deployment Policies
- Read Only
-
Full Access
UAM > App Groups
- Read Only
-
Full Access
UAM > Catalog
- Read Catalog
-
Manage Catalog: Allow users to manage UAM catalogs and performs tasks such as importing and deploying apps.
-
Manage Shell App Parameters: Allow users to manage Shell App parameters.
Scripted Actions
- Read Only
-
Full Access
Monitoring
-
Read Only
Storage > Azure Files
- Read Only
-
Full Access
-
Manage Profiles: Allow users to manage FSLogix profiles without the need for an active user session and without the need to provide full control to the file share.
Advisor > Modeler
- Read Only
-
Full Access
Advisor > Recommendations
- Read Only
-
Full Access
Advisor > Rules
- Read Only
-
Full Access
Storage > Azure NetApp Files
- Read Only
-
Full Access
Storage > Log Analytics
- Read Only
-
Full Access
Desktops
-
Full Access
-
-
-
Once you have entered all the desired information, select OK.
Note: From the list of definitions, you can edit or delete a custom role.
For more information, see Role-based Access Control (RBAC) in Nerdio Manager.