Roles page

You can access this menu by clicking your avatar and selecting Settings. By default this is only displayed for the Full Administrator role, or a role configured with the Security permission. Refer to Roles and Securables.

The Roles page lets you view system roles and currently defined custom roles. From here you can edit Role permissions and go into each role to set its users and group assignments and any associated management groups.

Platform roles

There are two types of roles that can be applied to Platform users: system roles and custom roles. On the Roles page, you can see at a glance which roles are system roles and which are custom roles by using the icon in the Name column:

  • System roles are indicated by an icon with a padlock.

  • Custom roles are indicated by an icon with a cogwheel.

Refer to Roles and Securables for a complete reference of available platform roles and securables.

System roles

  • On the Roles page, a system role is indicated by an icon with a padlock.

  • System roles are built-in and are not configurable. However, they can be assigned to users the same as any other role.

  • Questions, responses, and actions are examples of securables. Other Consumers may create their own system roles and securables.

Custom roles

  • On the Roles page, a custom role is indicated by an icon with a cogwheel.

Recommendations for using the Full Administrator role

The Full Administrator role can be used to provide across-the-board permissions to a user. While this may be convenient in certain circumstances, you should be aware that this is a powerful role and should be used with appropriate caution.

Different approaches for defining permissions

The Platform provides a flexible system for defining permissions for its features. There are a number of different ways of approaching the task. Here we outline the general choices that can be made for assigning Platform users to system and custom roles.

Managing access primarily using the Permissions console

In this approach, Platform users are added individually using their Entra ID credentials. This approach is more secure than alternatives because all users, roles, and access rights are managed only through the Permissions console.

Managing access using Entra ID

Using this approach, Platform users are added as Entra ID security groups. Platform roles are then associated with those groups, and management of the individual users who can access the Platform is subsequently done only through Entra ID. There are broadly three options when using this approach:

  1. A one-to-one approach where you create a Platform-specific role-based Entra ID group for each role. For example, you could create a TCNGApprovers Entra ID security group, and add that group as a user in the Platform, and then assign the All Instructions Approver role to the user.

  2. A many-to-one approach, where you use one or more of your existing role-based Entra ID groups for each Platform role. For example, you could use the Entra ID groups for your desktop and help desk teams, create a Platform user for each group, and then assign the Platform role to all those users.

  3. A mixture of the above.

It is possible for an Entra ID user to be associated with roles for both running and approving actions. In practice, this is safe because the Platform prevents users from being able to directly approve their own actions regardless of the roles they have been assigned.
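
An access review for the group-based approach above, as an added example (not the Platform's own code or API): it expands Entra ID group assignments into per-user rights and lists users who hold both Actioner and Approver on the same Instruction set. Group members, role names and Instruction set names are constructed, management group scoping is not modelled, and `can_approve` is only a model of the self-approval rule stated above.

```python
# Added example: constructed data, not exported from a real Platform or Entra ID tenant.
from collections import defaultdict

# Entra ID security group -> member user principal names (constructed).
GROUP_MEMBERS = {
    "TCNGApprovers": {"alice@example.com", "bob@example.com"},
    "HelpDesk": {"bob@example.com", "carol@example.com"},
    "DesktopTeam": {"dave@example.com"},
}

# Platform role -> {Instruction set: rights}; role and set names are hypothetical.
ROLE_RIGHTS = {
    "Patch Approvers": {"Patching": {"Approver", "Viewer"}},
    "Patch Operators": {"Patching": {"Actioner", "Questioner", "Viewer"}},
    "Inventory Readers": {"Inventory": {"Questioner", "Viewer"}},
}

# Entra ID group (added as a Platform user) -> roles assigned to it.
ASSIGNMENTS = {
    "TCNGApprovers": ["Patch Approvers"],
    "HelpDesk": ["Patch Operators", "Inventory Readers"],
    "DesktopTeam": ["Patch Operators"],
}


def effective_rights(group_members, role_rights, assignments):
    """Expand group assignments into user -> Instruction set -> rights."""
    rights = defaultdict(lambda: defaultdict(set))
    for group, roles in assignments.items():
        for user in group_members.get(group, ()):
            for role in roles:
                for iset, granted in role_rights[role].items():
                    rights[user][iset] |= granted
    return rights


def run_and_approve_overlap(rights):
    """Return sorted (user, Instruction set) pairs holding Actioner and Approver."""
    return sorted(
        (user, iset)
        for user, sets in rights.items()
        for iset, granted in sets.items()
        if {"Actioner", "Approver"} <= granted
    )


def can_approve(rights, approver, requester, iset):
    """Model of the stated rule: needs the Approver right, never for own action."""
    held = rights.get(approver, {}).get(iset, set())
    return approver != requester and "Approver" in held
```

Users returned by `run_and_approve_overlap` reach both rights through different groups, which is the combination a many-to-one mapping can produce without anyone assigning it deliberately.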

Defining a custom Instruction set Platform role

If you want to base your Platform permissions around access to specific Instruction sets, you will need to create custom roles. The Roles and Securables page lists built-in custom roles used by Platform applications.

To create a custom role:

  1. Click the Add button to start the add role process.

  2. In the New Role page that is subsequently displayed, set the Name and Description.

  3. With the Instruction Sets tab selected, select your required Instruction Sets from the list.

  4. Set the Instruction set access rights by checking the required Actioner, Approver, Questioner and Viewer checkboxes.

  5. When the associated rights have been set, click Save to save your changes and automatically return to the Roles page.

  6. You can now assign users, groups, and management groups to the new custom role by clicking the link in the Assignments column.

  7. Click the + (plus icon) to add a new item and, from the Users and Groups drop-down menu, either search for or select the users or groups you want to associate the role with.

  8. From the Management Group drop-down menu, either search for or select the management group you want to associate the role with. This can either be the built-in All Devices or a management group you have created.

  9. Click Save to associate the selected options with the custom role.

The following rights can be set for an Instruction set. These relate to the primary operator roles of the Platform.

| Right | Description |
|-------|-------------|
| Actioner | Able to run actions defined in the Instruction Set. |
| Approver | Able to approve actions defined in the Instruction Set for anyone other than self. If email is enabled, will receive an approval request email for each requested action in the Instruction Set. |
| Questioner | Able to ask questions defined in the Instruction Set. |
| Viewer | Able to view responses to questions run from the Instruction Set. |

For details about how to load Instruction Definitions into the Platform and then create, populate and delete Instruction sets, refer to Instructions.