User roles

While most SDM customers do not need to have the settings on the Roles tab changed, it is useful to be aware of at least the differences in privileges between the three everyday SDM user types: Manager, Service Desk, and User, which can be read directly on this tab.

Note

Snow Software recommends that great care be taken in cloning existing roles, creating new roles, and assigning custom privileges, as these customized configurations can potentially be hard to keep track of and, therefore, become potentially problematic. Be that as it may, the settings and information on this page are applied on the Users tab in the Create user dialog:

SDM-6_0_Domain-admin_ROLES_focus-on-Create-user-dialog_for-role-and-privilege_CROPPED.png

Role descriptions

The following table describes the different SDM user roles. On the Roles tab, the exact Privileges for each role are listed.

Role

Description

domainadmin

The Domain administrator is responsible for configuring the SDM domain's services, certificates, and integrations to third-party services, such as Google EMM, VPP, and DEP.

service

The Service user role is used for accessing SDM from other services via REST API or SCE, for example.

manager

The Manager is the main role in SDM, allowing for managing users, user groups, packages, and devices.

service desk

A Service desk user is usually handling end-user requests for help with settings, or finding and locking devices. A Service desk user has no right to configure packages or services, but only to handle users and devices.

user

An SDM user is normally represented by a user in Active Directory with no administration or management rights. SDM users only have access to their own user and device(s).