LogoLogo
LogoLogo
  • Welcome
    • Navigation
  • RealmJoin Deployment
    • Onboarding
    • Required Permissions
    • Infrastructure Considerations
      • Multi User Devices
    • Migration to RealmJoin vNext
  • User, Group and Device Management
    • Overview
    • User Profile
    • Organization Details
    • User, Group and Device Lists
      • Advanced Search
      • User Details
      • Group Details
      • Device Details
    • User and Group Settings
      • Available RealmJoin Policies
  • App Management
    • Packages
      • Package Store
        • Application Store Details
      • Package Management
      • Package Details
      • Package Assignments
        • Package Migration
      • Package Settings
      • Packaging Requests
        • Organic Packages
    • AVD Templates
  • Automation
    • Connecting Azure Automation
      • Required Permissions
      • Runbook Parameters
    • Runbooks
      • Runbook Customization
      • Runbook Permissions
      • Naming Conventions
      • Runbook Scheduling
      • Runbook Logs
        • Runbook Job Details
      • Runbooks Changelog
    • Requirements
    • Remediation Scripts
  • RealmJoin Agent
    • Features
      • Local Admin Password Solution (LAPS)
        • KeyVault
        • Application Insights
      • Notifications
      • AnyDesk Integration
        • AnyDesk configuration
      • App Deployment using the Agent
        • RealmJoin ESP
    • Deploying the Agent
    • User Interface
  • Logs
    • Connecting Azure Log Analytics Workspace
    • Audit Log
  • RealmJoin Settings
    • Overview
    • General
    • Roles and Permissions
      • Pre-defined Roles
      • Custom Roles
        • Available Permissions
    • Group Namespaces
    • Workplace Cloud Storage
    • Self Service Forms
  • Developer Reference
    • RealmJoin API
      • Authentication
    • Interacting with Runbooks
    • Simulating a Runbook Environment
    • Local Admin Password Management
  • Other
    • FAQ
      • Security
    • Troubleshooting
      • Package Installation Issues
        • Collecting Logfiles
        • Logfiles Structure
        • Analysing chocolatey.log
        • Troubleshooting failed chocolatey packages
        • Troubleshooting failed craft packages
        • Fixes for common issues
        • Intunewin Debugging
      • LAPS Issues
        • LAPS account passwords cannot be retrieved
        • Requested LAPS Accounts are not being created
    • Changelog
  • Legal
    • Licensing
    • Support
  • RealmJoin Website
Powered by GitBook
On this page
  • Overview
  • Using the editor
  • Syntax check / Errors
  • Formatting
  • Auto-Complete
  • Rules
  • Name and Description
  • Permissions
  • Groups
  • Users

Was this helpful?

Edit on GitHub
  1. RealmJoin Settings
  2. Roles and Permissions

Custom Roles

Last updated 23 days ago

Was this helpful?

Overview

Custom Roles is an optional feature in RealmJoin Portal and allows to create additional RealmJoin internal roles. You can assign granular / atomic permissions to these roles and bind them to Entra groups or dedicated users.

If custom roles are needed, please request activation via RealmJoin support.

Custom Roles are defined as JSON. The JSON editor included in RealmJoin Portal offers syntax checking and highlighting and will verify your definition against the Custom Roles JSON schema.

Using the editor

Syntax check / Errors

The editor will check the syntax as you type. If a syntax error is detected, an error message View x errors and bug icon will appear next to Save.

Click on this message to get more details about the error.

Formatting

You can auto-format the JSON by clicking Format in the upper right corner of the page.

Auto-Complete

The Editor can offer Auto-Complete known keywords (like permissions) from the schema.

You can press "Ctrl" + "Space" at any time to invoke Auto-Complete.

Rules

A role is described as a pair of permissions and users and/or groups these permissions are given to.

Roles are listed as part of an array (list) under the keyword Rules.

Example set of rules:

{
  "Rules": [
    {
      "Name": "Default: Supporters can change primary user [27e589a7]",
      "Description": "Default rule to allow members of a Supporter group to change the primary user of RealmJoin joined devices. Please keep the ID that is included its name.",
      "Groups": [
        "f31f5765-f56f-47fa-9248-ac2d77221634",
        "422e6b7c-bd99-4082-be1c-88cbc2bb2734"
      ],
      "Permissions": [
        "CanChangeRealmJoinPrimaryUser"
      ]
    },{
      "Name": "Allow John to add new Self Service Forms",
      "Users": [
        "b31f5765-f56f-47fa-9248-ac2d77221622"
      ],
      "Permissions": [
        "CanAddSelfServiceForms"
      ]
    }
  ]
}

Name and Description

Name is required, Description is optional.

Both are plain text fields (string).

Permissions

A permission is a unique string, identifying a certain action in RealmJoin Portal. Permissions is a list (array) of permissions.

Groups

Users

See for a list and description of common permissions.

A list (array) of Entra group object IDs. Given will be assigned to all users that are members of these groups.

A list (array) of Entra user object IDs. Given will be assigned to these users.

Available Permissions
permissions
permissions
Custom Roles JSON Editor
JSON error message/button
Format Button
Keyword Auto-Complete