Role-based Access Control (RBAC) Custom Roles

You can create custom roles to control access to all areas of Nerdio Manager. Custom roles define the scope and level of access and can be assigned to users and security groups. Users can access modules in read-only or full-access mode.

To create a custom role:

  1. Navigate to RBAC RolesDefinitions .

  2. Select Add.

  3. Enter the following information:

    • Name: Type the custom role's name.

    • Description: Type a description of the custom role.

    • Modules: Select all the applicable modules and modes.

       

      Module

      Modes

      Dashboard

      • Read Only

      Workspaces

      • Read Only

      • Full Access

      • Manage hosts: Allow users to manage hosts within assigned host pools.

      • Manage assignments: Allow users to manage assignments within assigned host pools.

      • Manage sessions: Allow users to manage sessions within assigned host pools.

      • Manage power state: Allow users to manage the power state of the sessions within assigned host pools.

      • Manage drain mode: Allow users to manage the drain mode of the sessions within assigned host pools.

      Desktop Images
      • Read Only

      • Full Access

      Intune

      Global Roles:

      • Read Only

      • Full Access

      Read Only Roles:

      • Read Devices

      • Read Policies

      • Read Applications and App Policies

      • Read Update Rings and Policies

      • Read Scripts

      • Read BitLocker

      • Read Antivirus

      • Read User Experience

      • Read User Groups

      • Read Device Location

      Manage Roles:

      • Manage Devices

      • Manage Devices Privileged

      • Manage BitLocker

      • Manage Antivirus

      • Manage Device Groups

      • Manage User Groups

      • Manage Locate Device

      • Manage Policies

      • Manage Applications and App Policies

      • Manage Update Rings and Policies

      Intune > Windows 365
      • Read Only

      • Full Access

      App Attach
      • Read Only

      • Full Access

      UAM > App Groups
      • Read Only

      • Full Access

      UAM > Catalog
      • Read Catalog

      • Manage Catalog: Allow users to manage UAM catalogs and performs tasks such as importing and deploying apps.

      • Manage Shell App Parameters: Allow users to manage Shell App parameters.

      Scripted Actions
      • Read Only

      • Full Access

      Monitoring

      • Read Only

      Storage > Azure Files
      • Read Only

      • Full Access

      • Manage Profiles: Allow users to manage FSLogix profiles without the need for an active user session and without the need to provide full control to the file share.

      Storage > Azure NetApp Files
      • Read Only

      • Full Access

      Storage > Log Analytics
      • Read Only

      • Full Access

      Desktops

      • Full Access

  4. Once you have entered all the desired information, select OK.

    Note: From the list of definitions, you can edit or delete a custom role.

For more information, see Role-based Access Control (RBAC) in Nerdio Manager.