Configuring a Device Admin

A Loftware Enterprise SP administrator can configure devices in Loftware Enterprise SP, but you can also assign the built-in DEVICE_ADMIN role to a user who is responsible for creating and configuring devices in Loftware Enterprise SP but is not a full Loftware Enterprise SP administrator (a user with the LOCAL_ADMIN role).

If you want to use the DEVICE_ADMIN role or create a custom role, it is recommended that you create a group in Loftware Enterprise SP for Device Admins so that you can manage permissions for those users as a group.

Important: Access in Loftware Enterprise SP requires both role-based permissions and object access permissions. Role-based permissions are permissions that are assigned to a role and inherited by users who are members of a group to which that role is assigned or by users to whom the role is directly assigned. Object access permissions are permissions in Loftware associated with a specific object or with a folder that control what actions can be performed on that object or on objects within that folder. Each object has default permissions that can be overridden by exceptions for a specific group or user. A user must have both a role-based permission and the corresponding object access permission to perform an action on an object. For a user to be able to perform an action on an object, the user must directly or indirectly be assigned a role that grants permission to perform that action on that type of object. Additionally, that particular object must either be in a folder that directly or indirectly grants the user access permission to perform that action on that type of object or else that particular object must directly or indirectly grant permission to the user to perform that action. There are several permissions that are only role-based or only object-based and do not require a corresponding permission. Examples include List permission for Folders and all permissions for Model Status (Auto Refresh), Tag Categories, and Devices.

Creating a Custom Role

Tip: Select the DEVICE_ADMIN role, and click Copy Role to create a new role that you can customize.

If you want to create a custom role for users who manage devices as all or part of their job, the group should have access to at least the following pages in Loftware Enterprise SP:

  • Access Control
  • Devices
  • Preferences  User
  • Status
  • Print

This group must typically have at least the following role-based permissions:

  • Folders: Read, Write, Create, Delete, and Admin permissions
  • Users: Read permission
  • Documents: Read and Print permissions
  • Devices: Read, Write, Create, Delete, Admin, and Print permissions
  • Device Groups: Read, Write, Create, Delete, Admin, Print, and Queue permissions
  • Servers: Read, Write, and Print permissions
  • Jobs: Read, Create, and Print permissions
  • Processes: Read and Print permissions
  • Integrations: Read permission
  • Data Services: Read and Print permissions
  • User Profiles: Read permission
  • Model Status (Auto Refresh): Read permission
  • Remote Sites: Read, Write, Create, Delete, and Admin permissions

Folders containing device groups or Remote Sites that Device Admins are responsible for managing should have at least the following object access permissions granted to this group. These users may also need access to folders containing objects relevant to testing the functionality of devices and viewing reporting information.

| Type | Read | Write | Create | Delete | Admin | List | Print | Design Print | Publish | Reprint | Queue |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Folders | Granted | Granted | Granted | Granted | Granted | Granted | | | | | |
| Users | Granted | Inherited | Inherited | Inherited | Inherited | | | | | | |
| Groups | Inherited | Inherited | Inherited | Inherited | Inherited | | | | | | |
| Roles | Inherited | Inherited | Inherited | Inherited | Inherited | | | | | | |
| Documents | Granted | Inherited | Inherited | Inherited | Inherited | | Granted | Inherited | Inherited | Inherited | |
| Device Groups | Granted | Granted | Granted | Granted | Granted | | Granted | Inherited | | Inherited | Granted |
| Servers | Granted | Granted | Inherited | Inherited | Inherited | | Granted | | | | |
| Jobs | Granted | Inherited | Granted | Inherited | Inherited | | Granted | Inherited | | Inherited | |
| Processes | Granted | Inherited | Inherited | Inherited | Inherited | | Granted | Inherited | Inherited | | |
| Integrations | Granted | Inherited | Inherited | Inherited | Inherited | | Inherited | | | | |
| Data Services | Granted | Inherited | Inherited | Inherited | Inherited | | Granted | Inherited | Inherited | | |
| User Profiles | Granted | Inherited | Inherited | Inherited | Inherited | | | | | | |
| Remote Sites | Granted | Granted | Granted | Granted | Granted | | | | | | |
| Facilities | Inherited | Inherited | Inherited | Inherited | Inherited | | | | | | |
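
The following Python sketch is an added illustration, not Loftware code or a Loftware API. It models the rule from the Important note above (a role-based permission and the corresponding object access permission are both required) with a subset of the permissions listed on this page. The folder names, the user alice, the walk-up handling of Inherited, and the no-access result at the root are assumptions.

```python
# Illustrative model only; not Loftware code and not a Loftware API.
from dataclasses import dataclass, field

# Assumption inferred from this page: Devices and Model Status appear only in the
# role-based list; List for Folders appears only in the object access table.
ROLE_ONLY_TYPES = {"Devices", "Model Status (Auto Refresh)"}
OBJECT_ONLY = {("Folders", "List")}

@dataclass
class Folder:
    name: str
    parent: "Folder | None" = None
    # (principal, object type) -> actions marked Granted here; all others are Inherited
    granted: dict = field(default_factory=dict)

def role_allows(role_perms, principals, obj_type, action):
    """Role layer: a role held by the user or one of their groups grants the action."""
    return any(action in role_perms.get(p, {}).get(obj_type, ()) for p in principals)

def object_allows(folder, principals, obj_type, action):
    """Object layer: walk up the folder chain until some level grants the action."""
    while folder is not None:
        if any(action in folder.granted.get((p, obj_type), ()) for p in principals):
            return True
        folder = folder.parent
    return False  # assumption: nothing granted up to the root means no access

def can(role_perms, principals, folder, obj_type, action):
    """Both layers must agree, except for the single-layer permissions above."""
    if obj_type in ROLE_ONLY_TYPES:
        return role_allows(role_perms, principals, obj_type, action)
    if (obj_type, action) in OBJECT_ONLY:
        return object_allows(folder, principals, obj_type, action)
    return (role_allows(role_perms, principals, obj_type, action)
            and object_allows(folder, principals, obj_type, action))

# Constructed sample data: a subset of the role-based list and the table on this page.
FULL = {"Read", "Write", "Create", "Delete", "Admin"}
ROLE_PERMS = {"Device Admins": {
    "Device Groups": FULL | {"Print", "Queue"},
    "Documents": {"Read", "Print"},
    "Devices": FULL | {"Print"}}}
root = Folder("Root")
plant = Folder("Plant A Devices", root, {
    ("Device Admins", "Folders"): FULL | {"List"},
    ("Device Admins", "Device Groups"): FULL | {"Print", "Queue"},
    ("Device Admins", "Documents"): {"Read", "Print"}})
line1, finance = Folder("Line 1", plant), Folder("Finance Labels", root)
ALICE = {"alice", "Device Admins"}  # the user plus the groups she belongs to
```

In this model, a Device Admin can write device groups under Plant A Devices (including the Line 1 subfolder) but not under Finance Labels, because the role permission alone does not carry into a folder that grants the group nothing.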

For more information about configuring users and groups and about granting access to objects, see Getting Started with Users and Permissions.