Skip to main content

User roles

While most Snow Device Manager customers do not need to have the settings on the Roles tab changed, it is useful to be aware of at least the differences in privileges between the three everyday Snow Device Manager user types: Manager, Service Desk, and User, which can be read directly on this tab.


Snow Software recommends that great care be taken in cloning existing roles, creating new roles, and assigning custom privileges, as these customized configurations can potentially be hard to keep track of and, therefore, become potentially problematic. Be that as it may, the settings and information on this page are applied on the Users tab in the Create user dialog:


Role descriptions

The following table describes the different SDM user roles. On the Roles tab, the exact Privileges for each role are listed.




The Domain administrator is responsible for configuring the SDM domain's services, certificates, and integrations to third-party services, such as Google EMM, VPP, and DEP.


The Service user role is used for accessing SDM from other services via REST API or SCE, for example.


The Manager is the main role in SDM, allowing for managing users, user groups, packages, and devices.

service desk

A Service desk user is usually handling end-user requests for help with settings, or finding and locking devices. A Service desk user has no right to configure packages or services, but only to handle users and devices.


An SDM user is normally represented by a user in Active Directory with no administration or management rights. SDM users only have access to their own user and device(s).