Last updated: July 09, 2024
Role-Based Access Control
Role-based Access Control (RBAC) is a method of granting access to the Admin Console based on a role assigned to an individual user. Virtual Appliance comes with several predefined (Standard) roles and the option to create user-defined (Custom) roles for administrator and non-administrator access. These roles define access and the ability to change settings and objects in the Admin Console.
Below is an overview of the available roles and a brief description of the permissions they grant.
Role |
Application |
Description |
---|---|---|
Root Admin |
Global |
This is the main administrator account created during the instance initialization. There is one Root Admin account. This user has full access to all the functionality their tenant has licensed, but not necessarily access to all data. Vasion Automate and Virtual Appliance share one Root Administrator. Historically, this role has been "Root" in PrinterLogic. |
Administrator |
|
Grants all permissions at a global level. They can add/remove other users and identities, can configure any settings of the Admin Console, reset passwords for others (including other administrators) but they can not reset the password of the root Virtual Appliance account. |
Site Manager |
|
Grants full management access to the folders assigned to them. They do not have permissions to change global settings that affect more than their scope. For example, the ability to add or delete users and drivers. |
Deploy Manager |
|
Grants the ability to deploy, manage, and delete printers within the folders assigned to them. |
Help Desk |
|
Grants the ability to see print jobs in the queue, and printers with errors. |
Print Job Report Manager |
|
Grants the ability to run print job auditing reports for printers within the folders they are assigned. |
Administrative Auditor |
|
Audits changes made within the Admin Console. |
Custom |
|
Permissions are manually assigned, depending on what operational tasks are performed. |
You can use custom roles to only grant access to specific folders, printers, and settings.
Please note that user accounts and roles added to the Tools Users tab only apply to the Virtual Appliance Admin Console interface and do not allow access to other Vasion Automate features and tabs.
Standard Non-Administrator Role Details
Here are some additional details on the permissions assigned to Non-Administrator standard roles. The roles are assigned to folders or other objects in the tree. Users can have multiple role assignments to different locations in the tree. For example, they can be a site manager for one folder and a deploy manager for a different folder.
Site Manager
The Site Manager role has permissions to access the following:
Navigation Menus
- Tools Menu
- Release > Release Stations — can add and delete stations, add printers, and link devices.
- Badge Management — can manage badge users.
- Reports Menu
- Workstations — can generate workstation reports.
- Print Job Records — can generate and schedule print job record reports.
- Printer Status
- Printers with Errors Only.
- All Printers.
- Account Menu (username)
- My Account.
Objects and Tabs
Under the assigned folder, the Site Manager role can do the following in that folder:
- Add, move, copy, and delete:
- Printers.
- Folders.
- IP Address Ranges.
- Service Clients.
The Site Manager role can access the following tabs for each object:
Object |
Tabs |
Action |
---|---|---|
Folder |
General |
Modify all options. |
Portal Security |
Modify all options. |
|
Alerts |
Modify all options. |
|
Map |
Modify all options. |
|
Services |
Modify all options. |
|
Printer |
General |
|
Port |
|
|
Drivers / Profiles |
Modify profiles, but cannot upload drivers, or access the Drivers / Profiles repository |
|
Deploy |
|
|
Portal Security |
Modify all options. |
|
Alerts |
Modify all options. |
|
Printing |
|
|
Status |
|
|
Printer Info |
|
|
Queue |
Modify all options. |
|
Release |
Modify all options. |
|
Apps |
|
|
Off-Network |
Modify all options. |
|
Shared Printers |
General |
|
Deploy |
|
|
Portal Security |
Modify all options. |
|
Queue |
Modify all options. |
|
IP Address Range |
General |
|
Deploy |
|
|
Service Client
|
General |
Modify all options. |
Email Printing |
Modify all options. |
|
Printer Apps |
Modify all options. |
|
SNMP |
Modify all options. |
|
Offline Printing |
Modify all options. |
|
Identity Sync |
Modify all options. |
|
External Gateway |
Modify all options. |
|
Output Automation |
Modify all options. |
Deploy Manager
The Deploy Manager role has permissions to access the following:
Navigation Menus
- Tools Menu
- Release > Print Jobs.
- PrinterLogic Portal (Self-service Portal).
- Reports Menu
- Printer Status.
- Printers with Errors Only.
- All Printers.
- Account Menu (username).
- My Account.
- Printer Status.
Objects and Tabs
Under the assigned folder, the Site Manager role can do the following in that folder:
- Add, move, copy, and delete printers.
- Add IP Address Ranges.
The Deploy Manager role can access the following tabs for each object:
Object |
Tabs |
Action |
---|---|---|
Folder |
General |
Modify all options. |
Printer |
General |
|
Port |
|
|
Drivers / Profiles |
Modify profiles, but cannot upload drivers, or access the Drivers / Profiles repository |
|
Deploy |
|
|
Printing |
|
|
Status |
|
|
Printer Info |
|
|
Queue |
Modify all options. |
|
Release |
Modify all options. |
|
Apps |
|
|
Shared Printers |
General |
|
Deploy |
|
|
Queue |
Modify all options. |
|
IP Address Range |
General |
|
Deploy |
|
Help Desk
The Help Desk role has permissions to access the following:
Navigation Menus
- Tools Menu
- Release > Print Jobs.
- PrinterLogic Portal (Self-service Portal).
- Reports Menu
- Workstations.
- Printer Status.
- Printers with Errors Only.
- All Printers.
- Account Menu (username).
- My Account.
Objects and Tabs
The Help Desk role can access the following tabs for each object:
Object |
Tabs |
Action |
---|---|---|
Printer |
General |
|
Port |
|
|
Drivers / Profiles |
Modify profiles, but cannot upload drivers, or access the Drivers / Profiles repository |
|
Deploy |
|
|
Printing |
|
|
Status |
|
|
Printer Info |
|
|
Queue |
Modify all options. |
|
Release |
Modify all options. |
|
Apps |
|
|
Shared Printers |
General |
|
Deploy |
|
|
Queue |
Modify all options. |
|
IP Address Range |
General |
|
Deploy |
|
Print Job Manager
The Print Job Manager role has permissions to access the following:
Navigation Menus
- Tools Menu
- PrinterLogic Portal (Self-service Portal).
- Reports Menu
- Print Job Records.
- Account Menu (username).
- My Account.
Objects and Tabs
The Print Job Manager role cannot access any printer objects.
Administrative Auditor
The Administrative Auditor role has permissions to access the following:
Navigation Menus
- Tools Menu
- PrinterLogic Portal (Self-service Portal).
- Reports Menu
- Administrative Audit Records.
- Account Menu (username).
- My Account.
Objects and Tabs
The Administrative Auditor role cannot access any printer objects.
Create User Roles
You can view, assign and copy standard role types, but you cannot edit or delete them. One quick way to create a new custom role is to create a copy of a standard role and modify it.
Copy a Role
- Navigate to the Tools Users tab in the Admin Console.
- In the Roles section, select a standard role.
- Select the Copy button.
- In the Create Role modal complete the following:
- Role Name — update the role name.
- Role Description — Update the role description.
-
Permissions — add, modify or remove permissions as necessary by checking / unchecking the appropriate boxes.
Selecting an option in the Permissions column displays a description in the column to the right.
- Select Save
Create a New Role
You can also create an entirely new role by doing the following:
- Navigate to the Tools Users tab in the Admin Console.
- In the Roles section, select Add Role.
- In the Role Name field, enter a name for the role.
- Recommended: In the Role Description field, type a summary to define the purpose of the new role.
-
In the Permissions column, select the boxes for the settings and objects for which you want the role to have permissions. Some objects expand to provide View or Modify ability for those objects / tabs.
Selecting an option in the Permissions column displays a description in the column to the right.
- Select Save
When you are finished creating the role, the role appears in the list of existing roles as a Custom role type. Custom roles show at the bottom of the Roles list.
-
Released: November 21st, 2024
Updated Application Version Included
-
New Mobile App Release
iOS: November 11th, 2024 -
Released: November 11th, 2024