Permissions
Permissions
You can delegate access to different levels of functionality of RealmJoin Portal to different users based in Entra group- or role membership.
To delegate/limit which runbooks can be used by different operators, please see Runbook Permissions - which is not covered here.
If these predefined roles do not meet your requirements, you can request Custom Roles to be enabled for your environment to create additional, granular roles.
Admin Permissions
This will grant full administrative and configuration control over RealmJoin Portal. This includes:
Access to all features of User, Group and Device Management and Process Automation
Access to all features of Application Management
Full access to Settings including:
Modifying permissions / delegations
Onboarding/modifying Runbook integration
Modifying Runbooks permissions and customizing
Changing package automation defaults
Auditor Permissions
This will grant read-only access to all areas of RealmJoin Portal.
Read-only access to all areas of User, Group and Device Management
Read-only access to all features of Application Management
Reading Runbook Job logs
This permission does not include
Starting Runbooks
Subscribing to apps/packages
Modifying group memberships / assignments
Access to Settings
Supporter Permissions
This will grant:
Read-only access to all areas of User, Group and Device Management
Additionally allows to initiate AnyDesk sessions and create LAPS accounts
This permission does not include
Subscribing to apps/packages
Modifying group memberships / assignments
Access to Settings
Starting Runbooks or Read Runbook Job logs
Runbook Runner Permissions
This will grant:
Read-only access to all areas of User, Group and Device Management
Starting Runbooks
Reading Runbook Job logs
This permission does not include
Subscribing to apps/packages
Modifying group memberships / assignments
Access to Settings
This is the recommended permission to use for User/Device Supporter Roles.
Software Agent Permissions
This will grant:
Read-only access to User and Group Management
Full access on application management groups
Access to all features of Application Management
This permission does not include
Starting Runbooks
Modifying group memberships / assignments other than through application management
Access to Settings
Software Requester Permissions
This allows a user to file a request to RealmJoin for a new software package to be created and offered in his organization / tenant.
Regular software requests will be processed by the "package as a service" team at RealmJoin.
This permission does not include
Access to User, Group and Device Management
Access to Application Management
Starting Runbooks or reading Runbook Job logs
Access to Settings
Organic Software Requester Permissions
This allows a user to automatically create a software package from uploaded sources in his organization / tenant.
No manual check by the "package as a service" team at RealmJoin will be done on these packages.
This permission does not include
Access to User, Group and Device Management
Access to Application Management
Starting Runbooks or reading Runbook Job logs
Access to Settings
Permission Defaults
Normal users will by default only have access to the About Me page to support self-service scenarios.
On initial onboarding, The AzureAD role "Global Admins" is also a RealmJoin Admin, so that initial configuration is possible.
Last updated