LogoLogo
LogoLogo
  • Welcome
    • Navigation
  • RealmJoin Deployment
    • Onboarding
    • Required Permissions
    • Infrastructure Considerations
      • Multi User Devices
    • Migration to RealmJoin vNext
  • User, Group and Device Management
    • Overview
    • User Profile
    • Organization Details
    • User, Group and Device Lists
      • Advanced Search
      • User Details
      • Group Details
      • Device Details
    • User and Group Settings
      • Available RealmJoin Policies
  • App Management
    • Packages
      • Package Store
        • Application Store Details
      • Package Management
      • Package Details
      • Package Assignments
        • Package Migration
      • Package Settings
      • Packaging Requests
        • Organic Packages
    • AVD Templates
  • Automation
    • Connecting Azure Automation
      • Required Permissions
      • Runbook Parameters
    • Runbooks
      • Runbook Customization
      • Runbook Permissions
      • Naming Conventions
      • Runbook Scheduling
      • Runbook Logs
        • Runbook Job Details
      • Runbooks Changelog
    • Requirements
    • Remediation Scripts
  • RealmJoin Agent
    • Features
      • Local Admin Password Solution (LAPS)
        • KeyVault
        • Application Insights
      • Notifications
      • AnyDesk Integration
        • AnyDesk configuration
      • App Deployment using the Agent
        • RealmJoin ESP
    • Deploying the Agent
    • User Interface
  • Logs
    • Connecting Azure Log Analytics Workspace
    • Audit Log
  • RealmJoin Settings
    • Overview
    • General
    • Roles and Permissions
      • Pre-defined Roles
      • Custom Roles
        • Available Permissions
    • Group Namespaces
    • Workplace Cloud Storage
    • Self Service Forms
  • Developer Reference
    • RealmJoin API
      • Authentication
    • Interacting with Runbooks
    • Simulating a Runbook Environment
    • Local Admin Password Management
  • Other
    • FAQ
      • Security
    • Troubleshooting
      • Package Installation Issues
        • Collecting Logfiles
        • Logfiles Structure
        • Analysing chocolatey.log
        • Troubleshooting failed chocolatey packages
        • Troubleshooting failed craft packages
        • Fixes for common issues
        • Intunewin Debugging
      • LAPS Issues
        • LAPS account passwords cannot be retrieved
        • Requested LAPS Accounts are not being created
    • Changelog
  • Legal
    • Licensing
    • Support & Service Level
  • RealmJoin Website
Powered by GitBook
On this page
  • Architecture
  • Permission Defaults

Was this helpful?

Edit on GitHub
  1. RealmJoin Settings

Roles and Permissions

Last updated 1 month ago

Was this helpful?

Architecture

You can delegate access to different levels of functionality of RealmJoin Portal to Entra users via pre-defined and/or custom roles:

  • pre-defined roles with a fixed set of permissions

    • recommended and ready-to-use

    • multiple roles can be combined although this increases complexity (not recommended)

    • assignable to Entra groups

    • see

  • custom roles with flexible selection of permissions

    • if pre-defined roles do not meet your requirements, you can request to be enabled for your environment

    • custom roles can be combined with pre-defined roles (to add additional permissions) although this increases complexity (not recommended)

    • assignable to Entra groups and/or single users

To delegate/limit which subset of runbooks can be used by different operators, please see .

Permission Defaults

By default, all users will have access to the page to facilitate self-service scenarios.

During initial onboarding, the Entra role "Global Administrators" is also assigned as a RealmJoin Administrator to facilitate the initial configuration process.

available roles
Custom Roles
Runbook Permissions
User profile