Docs / Platform Settings / Role Permissions

Roles & Permissions

ZEM Cloud uses a role-based access control system to manage what administrators can see and do.

Understanding Roles

A role is a collection of permissions that define what actions a user can perform. Each administrator is assigned one role.

Built-in Roles

  • Owner - Full access to all features; cannot be modified or deleted
  • Admin - Full access to all features; can be customised

Custom Roles

Create custom roles with specific permissions for different administrator types, such as:

  • Help Desk - View endpoints and execute basic actions
  • Auditor - View-only access to all sections
  • Mobile Admin - Manage only mobile devices

Permission Categories

Dashboard Access

  • View Home Dashboard - Access the home page statistics
  • View Endpoint Overview - Access the endpoints list
  • View Mobile Devices - Access the mobile devices list
  • View Packages - Access the packages dashboard
  • View Action Queue - Access the action queue

Endpoint Management

  • View Endpoint Details - Open endpoint detail panels
  • Execute Remote Actions - Reboot, shutdown, update
  • Manage Endpoint Users - Add, remove, lock local users
  • Edit Endpoint Settings - Change auto-reboot, timezone
  • Hide/Unhide Endpoints - Control endpoint visibility

Mobile Device Management

  • View Device Details - Open device detail pages
  • Execute Mobile Actions - Lock, ring, wipe, message
  • Enrol Mobile Devices - Generate enrolment QR codes
  • Unenrol Mobile Devices - Remove devices from management

Administration

  • Manage Users - Create and edit administrator accounts
  • Manage Roles - Create and edit roles
  • View Audit Log - Access the audit log
  • Edit Configuration - Modify system settings
  • Manage Agent Scripts - Edit agent scripts

Managing Roles

Viewing Roles

  1. Navigate to User Management
  2. Click Manage Roles

The roles list displays all available roles and their permission counts.

Creating a Role

  1. Click Add Role
  2. Enter a role name and description
  3. Select the permissions to grant
  4. Click Create Role

Editing a Role

  1. Click on the role in the list
  2. Modify the name, description, or permissions
  3. Click Save Changes

Deleting a Role

  1. Click on the role in the list
  2. Click Delete Role
  3. Reassign any users currently using this role
  4. Confirm the deletion

Built-in roles (Owner, Admin) cannot be deleted.

Assigning Roles

To change a user's role:

  1. Navigate to User Management
  2. Click on the user
  3. Select a new role from the dropdown
  4. Click Save Changes

Best Practices

  • Principle of Least Privilege - Grant only the permissions users need
  • Separate Duties - Use different roles for different responsibilities
  • Regular Review - Periodically review role assignments
  • Document Roles - Use clear names and descriptions
  • Test Changes - Test permission changes before applying widely

Permission Inheritance

Permissions do not inherit or cascade. Each permission must be explicitly granted.

For example, granting "Execute Remote Actions" does not automatically grant "View Endpoint Details". Both must be enabled for the user to see endpoint details and execute actions.