Role-Based Access Control

Role-based Access Control (RBAC) is a method of granting access to the Admin Console based on a role assigned to an individual user. Virtual Appliance comes with several predefined (Standard) roles and the option to create user-defined (Custom) roles for administrator and non-administrator access. These roles define access and the ability to change settings and objects in the Admin Console.

Below is an overview of the available roles and a brief description of the permissions they grant.

Roles Reference

Role

Application

Description

Root Admin

Global

This is the main administrator account created during the instance initialization. There is one Root Admin account. This user has full access to all the functionality their tenant has licensed, but not necessarily access to all data. Vasion Automate and Virtual Appliance share one Root Administrator. Historically, this role has been "Root" in PrinterLogic.

Administrator

Grants all permissions at a global level. They can add/remove other users and identities, can configure any settings of the Admin Console, reset passwords for others (including other administrators) but they can not reset the password of the root Virtual Appliance account.

Site Manager

Grants full management access to the folders assigned to them. They do not have permissions to change global settings that affect more than their scope. For example, the ability to add or delete users and drivers.

Deploy Manager

Grants the ability to deploy, manage, and delete printers within the folders assigned to them.

Help Desk

Grants the ability to see print jobs in the queue, and printers with errors.

Print Job Report Manager

Grants the ability to run print job auditing reports for printers within the folders they are assigned.

Administrative Auditor

Audits changes made within the Admin Console.

Custom

Permissions are manually assigned, depending on what operational tasks are performed.

You can use custom roles to only grant access to specific folders, printers, and settings.

Please note that user accounts and roles added to the Tools then Users tab only apply to the Virtual Appliance Admin Console interface and do not allow access to other Vasion Automate features and tabs.

Standard Non-Administrator Role Details

Here are some additional details on the permissions assigned to Non-Administrator standard roles. The roles are assigned to folders or other objects in the tree. Users can have multiple role assignments to different locations in the tree. For example, they can be a site manager for one folder and a deploy manager for a different folder.

Site Manager

The Site Manager role has permissions to access the following:

Navigation Menus

  • Tools Menu
    • Release > Release Stations — can add and delete stations, add printers, and link devices.
    • Badge Management — can manage badge users.
  • Reports Menu
    • Workstations — can generate workstation reports.
    • Print Job Records — can generate and schedule print job record reports.
    • Printer Status
      • Printers with Errors Only.
      • All Printers.
    • Account Menu (username)
      • My Account.

Objects and Tabs

Under the assigned folder, the Site Manager role can do the following in that folder:

  • Add, move, copy, and delete:
    • Printers.
    • Folders.
    • IP Address Ranges.
    • Service Clients.

The Site Manager role can access the following tabs for each object:

Printer Objects and Tabs

Object

Tabs

Action

Folder

General

Modify all options.

Portal Security

Modify all options.

Alerts

Modify all options.

Map

Modify all options.

Services

Modify all options.

Printer

General

Modify all options. Can view the tab details but cannot modify.

Port

Modify all options. Can view the tab details but cannot modify.

Drivers / Profiles

Modify profiles, but cannot upload drivers, or access the Drivers / Profiles repository, or add / update profiles.

Deploy

Modify all options. Can view the tab details but cannot modify.

Portal Security

Modify all options.

Alerts

Modify all options.

Printing

Modify all options. Can view the tab details but cannot modify.

Status

Modify all options Can view the tab details but cannot modify, if SNMP is enabled.

Printer Info

Modify all options Can view the tab details but cannot modify, if SNMP is enabled.

Queue

Modify all options.

Release

Modify all options.

Apps

Modify all options. Can view the tab details but cannot modify.

Off-Network

Modify all options.

Shared Printers

General

Modify all options. Can view the tab details but cannot modify.

Deploy

Modify all options. Can view the tab details but cannot modify.

Portal Security

Modify all options.

Queue

Modify all options.

IP Address Range

General

Modify all options.

Deploy

Modify all options. Can view the tab details but cannot modify.

Service Client

 

 

 

 

 

 

 

General

Modify all options.

Email Printing

Modify all options.

Printer Apps

Modify all options.

SNMP

Modify all options.

Offline Printing

Modify all options.

Identity Sync

Modify all options.

External Gateway

Modify all options.

Output Automation

Modify all options.

Deploy Manager

The Deploy Manager role has permissions to access the following:

Navigation Menus

  • Tools Menu
    • Release > Print Jobs.
    • PrinterLogic Portal (Self-service Portal).
  • Reports Menu
    • Printer Status.
      • Printers with Errors Only.
      • All Printers.
    • Account Menu (username).
      • My Account.

Objects and Tabs

Under the assigned folder, the Site Manager role can do the following in that folder:

  • Add, move, copy, and delete printers.
  • Add IP Address Ranges.

The Deploy Manager role can access the following tabs for each object:

Printer Objects and Tabs

Object

Tabs

Action

Folder

General

Modify all options.

Printer

General

Modify all options. Can view the tab details but cannot modify.

Port

Modify all options. Can view the tab details but cannot modify.

Drivers / Profiles

Modify profiles, but cannot upload drivers, or access the Drivers / Profiles repository, or add / update profiles.

Deploy

Modify all options. Can view the tab details but cannot modify.

Printing

Modify all options. Can view the tab details but cannot modify.

Status

Modify all options Can view the tab details but cannot modify, if SNMP is enabled.

Printer Info

Modify all options Can view the tab details but cannot modify, if SNMP is enabled.

Queue

Modify all options.

Release

Modify all options.

Apps

Modify all options. Can view the tab details but cannot modify.

Shared Printers

General

Modify all options. Can view the tab details but cannot modify.

Deploy

Modify all options. Can view the tab details but cannot modify.

Queue

Modify all options.

IP Address Range

General

Can view the tab details but cannot modify.

Deploy

Modify all options. Can view the tab details but cannot modify.

Help Desk

The Help Desk role has permissions to access the following:

Navigation Menus

  • Tools Menu
    • Release > Print Jobs.
    • PrinterLogic Portal (Self-service Portal).
  • Reports Menu
    • Workstations.
    • Printer Status.
      • Printers with Errors Only.
      • All Printers.
    • Account Menu (username).
      • My Account.

Objects and Tabs

The Help Desk role can access the following tabs for each object:

Printer Objects and Tabs

Object

Tabs

Action

Printer

General

Can view the tab details but cannot modify.

Port

Can view the tab details but cannot modify.

Drivers / Profiles

Modify profiles, but cannot upload drivers, or access the Drivers / Profiles repository, or add / update profiles.

Deploy

Can view the tab details but cannot modify.

Printing

Can view the tab details but cannot modify.

Status

Can view the tab details but cannot modify, if SNMP is enabled.

Printer Info

Can view the tab details but cannot modify, if SNMP is enabled.

Queue

Modify all options.

Release

Modify all options.

Apps

Can view the tab details but cannot modify.

Shared Printers

General

Can view the tab details but cannot modify.

Deploy

Can view the tab details but cannot modify.

Queue

Modify all options.

IP Address Range

General

Can view the tab details but cannot modify.

Deploy

Can view the tab details but cannot modify.

Print Job Manager

The Print Job Manager role has permissions to access the following:

Navigation Menus

  • Tools Menu
    • PrinterLogic Portal (Self-service Portal).
  • Reports Menu
    • Print Job Records.
    • Account Menu (username).
      • My Account.

Objects and Tabs

The Print Job Manager role cannot access any printer objects.

Administrative Auditor

The Administrative Auditor role has permissions to access the following:

Navigation Menus

  • Tools Menu
    • PrinterLogic Portal (Self-service Portal).
  • Reports Menu
    • Administrative Audit Records.
    • Account Menu (username).
      • My Account.

Objects and Tabs

The Administrative Auditor role cannot access any printer objects.

Create User Roles

You can view, assign and copy standard role types, but you cannot edit or delete them. One quick way to create a new custom role is to create a copy of a standard role and modify it.

Copy a Role

  1. Navigate to the Tools then Users tab in the Admin Console.
  2. In the Roles section, select a standard role.
  3. Select the Copy button.
  4. In the Create Role modal complete the following:
  5. Role Name — update the role name.
  6. Role Description — Update the role description.
  7. Permissions — add, modify or remove permissions as necessary by checking / unchecking the appropriate boxes.

    Selecting an option in the Permissions column displays a description in the column to the right.

  8. Select Save

Create Role modal from Copy function.

Create a New Role

You can also create an entirely new role by doing the following:

  1. Navigate to the Tools then Users tab in the Admin Console.
  2. In the Roles section, select Add Role.
  3. In the Role Name field, enter a name for the role.
  4. Recommended: In the Role Description field, type a summary to define the purpose of the new role.
  5. In the Permissions column, select the boxes for the settings and objects for which you want the role to have permissions. Some objects expand to provide View or Modify ability for those objects / tabs.

    Selecting an option in the Permissions column displays a description in the column to the right.

  6. Select Save

When you are finished creating the role, the role appears in the list of existing roles as a Custom role type. Custom roles show at the bottom of the Roles list.

Create Role pop-up with fields for the name, description, and checkboxes to define what objects they have access to modify, and the permissions they have for those objects.