TABLE OF CONTENTS
- Role Groups and Permissions Management
- Overview
- Default Role Groups
- Role Group Permissions
- Application Permissions
- User Migrations Permissions
- Device Permissions
- Mailbox Permissions
- Bespoke Permissions
- Deployment Unit Permissions
- Defect Permissions
- Task Permissions
- Contact Permissions
- Link Permissions
- Project Permissions
- Project Config Roles
- Module Config Roles (Apps, Users, Devices, Mailboxes, Bespokes, Deployment Units, Defects, Tasks)
- Portal Configuration
- User Account Roles
- Reports
- Cross Project Permissions
- Creating a Role Group
- Adding a User to a Role Group
- Removing a User from a Role Group
- Further Support
Role Groups and Permissions Management
Overview
Role groups control user access levels and permissions within ManagementStudio. They define which users can view, modify, or administer different areas and functions of the platform. Users must have an account to interact with ManagementStudio, and only authenticated administrators can manage user accounts.
Default Role Groups
- Project Admin: Full administrative rights across all ManagementStudio features.
- Project Member: Assigned to one or more projects and possibly multiple roles.
- Power User: Granted specific administrator permissions for common system tasks.
- Api Connectors: Permitted to execute API commands and manage connectors.
Role Group Permissions
Role group permissions are module-specific and can be configured for various access levels such as Deny Access, Read/Write, and Read Only. The tables below outline available permission options for each module.
Application Permissions
| Permission | Description |
|---|---|
| Create | Create a new Application. |
| Limit access to 'My Apps' | View only assigned Applications. |
| Lock | Lock an Application. |
| Archive | Archive an Application. |
| Delete | Delete an Application. |
| Importer | Import Applications via Data Importer. |
| Disable Context Menu | Restrict context menu use in Applications. |
| Run Custom Actions | Run custom actions from context menu. |
| Send Emails | Send emails from Applications module. |
| View Hidden Tab | Access the hidden tab in Applications module. |
| Assigned To | User can be assigned Applications. |
| Owned By | User can be set as Application owner. |
| Packaged By | Assign user as Application packager. |
| Delegate To 1 | Assign as Delegate 1 on an Application. |
| Delegate To 2 | Assign as Delegate 2 on an Application. |
| Configuration | Access Application configuration in Admin section. |
User Migrations Permissions
| Permission | Description |
|---|---|
| Create | Create a new User Migration. |
| Limit access to 'My Users' | View only assigned User Migrations. |
| Lock | Lock a User Migration record. |
| Archive | Archive a User Migration. |
| Delete | Delete a User Migration. |
| Importer | Import User Migrations via Data Importer. |
| Disable Context Menu | Restrict context menu use in User Migrations. |
| Run Custom Actions | Run custom actions via context menu in User Migrations. |
| Send Emails | Send emails from User Migrations module. |
| View Hidden Tab | Access the hidden tab in User Migrations. |
| Initiate Migration | Initiate a User Migration. |
| Assigned To | Assign User Migrations to a user. |
| Delegate To 1 | Assign as Delegate 1 of a User Migration. |
| Delegate To 2 | Assign as Delegate 2 of a User Migration. |
| Configuration | Access User Migration configuration in Admin section. |
Device Permissions
| Permission | Description |
|---|---|
| Create | Create a new Device. |
| Limit access to 'My Devices' | View only assigned Devices. |
| Lock | Lock a Device record. |
| Archive | Archive a Device. |
| Delete | Delete a Device. |
| Importer | Import Devices via Data Importer. |
| Disable Context Menu | Restrict context menu use in Devices. |
| Run Custom Actions | Run custom actions via context menu in Devices. |
| Send Emails | Send emails from Devices module. |
| View Hidden Tab | Access the hidden tab in Devices module. |
| Initiate Migration | Initiate a migration. |
| Assigned To | Assign Devices to a user. |
| Delegate To 1 | Assign as Delegate 1 of a Device. |
| Delegate To 2 | Assign as Delegate 2 of a Device. |
| Configuration | Access Device configuration in Admin section. |
Mailbox Permissions
| Permission | Description |
|---|---|
| Create | Create a new Mailbox. |
| Limit access to 'My Mailboxes' | View only assigned Mailboxes. |
| Lock | Lock a Mailbox record. |
| Archive | Archive a Mailbox. |
| Delete | Delete a Mailbox. |
| Importer | Import Mailboxes via Data Importer. |
| Disable Context Menu | Restrict context menu use in Mailboxes. |
| Run Custom Actions | Run custom actions via context menu in Mailboxes. |
| Send Emails | Send emails from Mailboxes module. |
| View Hidden Tab | Access the hidden tab in Mailboxes module. |
| Assigned To | Assign Mailboxes to a user. |
| Initiate Migration | Initiate a migration. |
| Delegate To 1 | Assign as Delegate 1 of a Mailbox. |
| Delegate To 2 | Assign as Delegate 2 of a Mailbox. |
| Configuration | Access Mailbox configuration in Admin section. |
Bespoke Permissions
| Permission | Description |
|---|---|
| Create | Create a new Bespoke item. |
| Limit access to 'My Bespokes' | View only assigned Bespoke items. |
| Lock | Lock a Bespoke record. |
| Archive | Archive a Bespoke item. |
| Delete | Delete a Bespoke item. |
| Importer | Import Bespoke items via Data Importer. |
| Disable Context Menu | Restrict context menu use in the Bespoke module. |
| Run Custom Actions | Run custom actions via context menu in Bespoke. |
| Send Emails | Send emails from Bespoke module. |
| View Hidden Tab | Access the hidden tab in Bespoke module. |
| Initiate Migration | Initiate a migration. |
| Assigned To | Assign Bespoke items to a user. |
| Delegate To 1 | Assign as Delegate 1 of a Bespoke item. |
| Delegate To 2 | Assign as Delegate 2 of a Bespoke item. |
| Configuration | Access Bespoke configuration in Admin section. |
Deployment Unit Permissions
| Permission | Description |
|---|---|
| Create | Create a new Deployment Unit. |
| Limit access to 'My Deployment Units' | View only assigned Deployment Units. |
| Lock | Lock or unlock a Deployment Unit. |
| Archive | Archive or unarchive a Deployment Unit. |
| Delete | Delete or undelete a Deployment Unit. |
| Importer | Import Deployment Units via Data Importer. |
| Disable Context Menu | Restrict context menu in Deployment Unit module. |
| Run Custom Actions | Run custom actions via context menu in Deployment Units. |
| Send Emails | Send emails from Deployment Units module. |
| View Hidden Tab | Access the hidden tab in Deployment Units. |
| Initiate Migration | Initiate a migration. |
| Populate Deployment Units | Populate and manage a Deployment Unit. |
| Customise Scheduling Slots | Edit and customise migration time slots. |
| Update Migration Slot | Override and update a migration slot. |
| Assigned To | Assign Deployment Units to a user. |
| Delegate To 1 | Assign as Delegate 1 of a Deployment Unit. |
| Delegate To 2 | Assign as Delegate 2 of a Deployment Unit. |
| Configuration | Access Deployment Unit configuration in Admin section. |
Defect Permissions
| Permission | Description |
|---|---|
| Create | Create a new Defect. |
| Limit access to 'My Defects' | View only assigned Defects. |
| Lock | Lock or unlock a Defect. |
| Archive | Archive or unarchive a Defect. |
| Delete | Delete or undelete a Defect. |
| Importer | Import Defects via Data Importer. |
| Disable Context Menu | Restrict context menu in Defects module. |
| Run Custom Actions | Run custom actions via context menu in Defects. |
| Send Emails | Send emails from Defects module. |
| View Hidden Tab | Access the hidden tab in Defects module. |
| Assigned To | Assign Defects to a user. |
| Delegate To 1 | Assign as Delegate 1 of a Defect. |
| Delegate To 2 | Assign as Delegate 2 of a Defect. |
| Configuration | Access Defects configuration in Admin section. |
Task Permissions
| Permission | Description |
|---|---|
| Create | Create a new Task. |
| Limit access to 'My Tasks' | View only assigned Tasks. |
| Lock | Lock or unlock a Task. |
| Archive | Archive or unarchive a Task. |
| Delete | Delete or undelete a Task. |
| Importer | Import Tasks via Data Importer. |
| Disable Context Menu | Restrict context menu in Tasks module. |
| Run Custom Actions | Run custom actions via context menu in Tasks. |
| Send Emails | Send emails from Tasks module. |
| Assigned To | Assign Tasks to a user. |
| Configuration | Access Tasks configuration in Admin section. |
Contact Permissions
| Permission | Description |
|---|---|
| Create | Create a new Contact. |
| Edit | Edit a Contact record. |
| Delete | Delete or undelete a Contact. |
| Importer | Import Contacts via Data Importer. |
Link Permissions
| Permission | Description |
|---|---|
| Create | Create a new link between modules. |
| Reject | Reject a link. |
| Delete | Delete or undelete a link. |
| Importer | Import links via Data Importer. |
| Bulk Read | (No additional description provided) |
| Configuration | Access link configuration in Admin section. |
Project Permissions
| Permission | Description |
|---|---|
| Member | Grants access to the project. |
| Manage Notifications | Manage project notifications. |
| View Email Queue | View the email messaging queue. |
| Edit Email Queue | Edit the email messaging queue. |
| Run Scripts As | Run scripts directly. |
| Send Project Emails | Send project emails. |
Project Config Roles
| Permission | Description |
|---|---|
| Admin UI Access | Access the default Admin UI. |
| Manage Global Configuration | Edit global settings including email and portal localisation. |
| Manage Project Configuration | Edit project settings, email templates, housekeeping, portal localisation. |
| Manage Extensions | Manage connectors, ESM, plugins, and custom settings. |
| Access ESM Plans | Manage ESM plans. |
| Access Connectors | Manage connectors. |
| Access Connectors UI | Access the Connectors UI. |
| Access Custom Settings | Access the Custom Settings UI. |
| Manage Micro Update Service | Configure the micro update services. |
| Manage Project Resources | Upload project resources for emails or attachments. |
| Manage Contacts | Configure the contacts UI (requires 'Manage Tabs, Details, Menu Items'). |
| Manage Blueprints | Create and edit blueprints in a project. |
| Manage Custom Forms | Create and edit custom forms. |
| Manage Scheduled Tasks | Create and edit scheduled tasks in a project. |
| Manage Scripts | Configure and manage PowerShell Scripts (requires 'Query User Accounts'). |
| Manage Email Templates | Create and edit email templates. |
| Manage UI Buttons | Create and manage UI buttons. |
| Apply Software Updates | Apply software updates. |
| View Software License | View, create new projects, get and apply license keys. |
Module Config Roles (Apps, Users, Devices, Mailboxes, Bespokes, Deployment Units, Defects, Tasks)
| Permission | Description |
|---|---|
| Manage Tabs, Details, Menu Items | Access tabs, details, and menu items in modules. |
| Manage Workflow | Manage workflow for modules. |
Portal Configuration
| Permission | Description |
|---|---|
| Access Portal Configuration | Access portal settings for configuring the web portal. |
| Manage Portal Wrappers | Manage portal wrappers. |
| Delete Portal Wrappers | Delete portal wrappers. |
| Manage Portal Pages | Manage portal pages. |
| Delete Portal Pages | Delete portal pages. |
| Manage Surveys | Manage surveys. |
| Delete Surveys | Delete surveys. |
| Manage Test Types | Create and edit test types. |
| Delete Test Types | Delete test types. |
| Manage Portal DMR Reports | Manage portal DMR reports. |
| Manage Portal Dashboards | Manage portal dashboards. |
User Account Roles
| Permission | Description |
|---|---|
| Manage User Accounts | Access user management in Admin section. |
| Manage Role Groups | Manage user role groups in Admin section. |
| Manage Blueprint Rules | Manage and edit blueprint rules. |
| Query User Accounts | Used by API or ESM for user validation. |
| Api Elevated | Used by API or ESM for certain rules. |
Reports
| Permission | Description |
|---|---|
| Run Endpoint Datamining Reports | Run endpoint datamining reports. |
| Run Endpoint Projection Reports | Run endpoint projection reports. |
| Run Endpoint Blueprint Readiness Reports | Run endpoint blueprint readiness reports. |
| Run Endpoint History Reports | Run endpoint history reports. |
| User can't save new DMRs | Prevent user saving new datamining reports. |
| User can't run DMRs | Prevent user running datamining reports. |
Cross Project Permissions
| Permission | Description |
|---|---|
| Configuration | Configure cross-project sharing settings. |
| Share Asset | Share assets to other projects. |
| Remove Asset | Remove shared assets from another project. |
Creating a Role Group
To create a new role group:
- Navigate to
Administration → Role Groupsunder the User Accounts, Roles, and Permissions section.
- Click
Click here to add new item.
- Enter a unique name and optional description for the role group, then select
Save Changes.
- Select
Edit Rulesnext to the role group to configure permissions.
- Assign the required permissions for each module by selecting appropriate checkboxes or controls.
- Click
Finishedafter configuring permissions.
- Click
Save Changesto finalise the new role group.
Adding a User to a Role Group
To assign a role group to a user:
- Go to
Administration → User Accountsin the User Accounts, Roles and Permissions section.
- Select the user or multiple users (use
CTRL + Clickfor multiple selections). - Right-click and choose
Add Roles.
- Select the desired roles (use
CTRL + Clickto select multiple roles), then clickAdd Roles.
Removing a User from a Role Group
To remove a role group from a user:
- Navigate to
Administration → MS User Accountsin the User Accounts, Roles, and Permissions section.
- Select the user or users (use
CTRL + Clickfor multiple selections). - Right-click and select
Remove Roles.
- Select the roles you wish to remove from the user(s), then click
Remove Roles.
Further Support
For additional assistance, visit the ManagementStudio Service Desk to search the knowledge base or submit a support ticket.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article