Permissions

Permissions

You can delegate access to different levels of functionality of RealmJoin Portal to different users based in Entra group- or role membership.

To delegate/limit which runbooks can be used by different operators, please see Runbook Permissions - which is not covered here.

If these predefined roles do not meet your requirements, you can request Custom Roles to be enabled for your environment to create additional, granular roles.

Admin Permissions

This will grant full administrative and configuration control over RealmJoin Portal. This includes:

Auditor Permissions

This will grant read-only access to all areas of RealmJoin Portal.

This permission does not include

  • Starting Runbooks

  • Subscribing to apps/packages

  • Modifying group memberships / assignments

  • Access to Settings

Supporter Permissions

This will grant:

This permission does not include

  • Subscribing to apps/packages

  • Modifying group memberships / assignments

  • Access to Settings

  • Starting Runbooks or Read Runbook Job logs

Runbook Runner Permissions

This will grant:

This permission does not include

  • Subscribing to apps/packages

  • Modifying group memberships / assignments

  • Access to Settings

This is the recommended permission to use for User/Device Supporter Roles.

Software Agent Permissions

This will grant:

This permission does not include

  • Starting Runbooks

  • Modifying group memberships / assignments other than through application management

  • Access to Settings

Software Requester Permissions

This allows a user to file a request to RealmJoin for a new software package to be created and offered in his organization / tenant.

Regular software requests will be processed by the "package as a service" team at RealmJoin.

This permission does not include

Organic Software Requester Permissions

This allows a user to automatically create a software package from uploaded sources in his organization / tenant.

No manual check by the "package as a service" team at RealmJoin will be done on these packages.

This permission does not include

Permission Defaults

Normal users will by default only have access to the About Me page to support self-service scenarios.

On initial onboarding, The AzureAD role "Global Admins" is also a RealmJoin Admin, so that initial configuration is possible.

Last updated