Support for role-specific access rights for patch distribution

Content

MaaS360 introduces role based access rights to restrict patch distribution permissions to authorized users. Previously, all the users were able to distribute patches. The customer administrators can either create new roles and define the new access rights or apply the default roles provided by MaaS360. 

Note: The access rights in default roles cannot be modified.

To create a new role and apply new access rights,

1. Navigate to Setup > Roles.

Result: The manage Role page appears.

2. Click Add Role.

The Basic Information page appears.

3. Provide basic information and in the Select Mode of Creation section, do one of the following:

• Click Select from Existing to select from existing custom and default roles to auto-populate access rights from the selected roles. Note: Users can modify the auto-populated access rights.
• Click Create new to manually select access rights.

4. Click Next.

Result: The Grant Access Rights page appears.

5. Select from the following new access rights that are available for patch distribution:

• Distribute patches for a device - Can view and distribute patches from individual device view. Cannot view or distribute from Security > OS Patches (Windows) and Security App Updates (Windows).
• View patches for a device - Can only view patches from individual device view. Cannot view patches from Security > OS Patches (Windows) and Security App Updates (Windows).
• Distribute Patches - Can view and distribute patches from Security > OS Patches (Windows) and Security App Updates (Windows). Cannot view or distribute patches from individual device view.
• View Patches - Can only view patches from Security > OS Patches (Windows) and Security App Updates (Windows). Cannot view patches from individual device view.

6. Click Save.

MaaS360 identifies and takes advantage of the existing roles to apply the new access rights. Different roles imply different level of access rights to security patches. The default roles and their default access rights are described as follows:

Read-Only role and Administrator role

Can only view patches both in device view and Security flow. In the Security flow, the Distribute links are unavailable.

In the device view, the Actions column is unavailable.

Help Desk role

Can view patches in device view and Security flow, but can only distribute patches from individual device view.

In the Security flow, the distribute links are unavailable.

In the device view, the Actions column is available.

Administrator Level 2 and Service Administrator 

Can view and distribute patches both from Security flow and device view