Available Permissions
Last updated
Was this helpful?
Last updated
Was this helpful?
This page will try to list and explain available permissions for Custom Roles.
The user gains access to to
The user gains read access to (Package Management List). This does not grant permission to the package details.
Given:
Given:
Given:
The user gains the ability to add/remove user or group assignments in a packages details.
Given:
Given:
Given:
Given:
The user gains the ability to modify an app's display name.
Given:
Given:
Given:
The user gains the ability to submit a software packaging request to RealmJoin.
Please combine this with either CanRequestSoftwareOrganic or CanRequestSoftwarePaas
The user gains the ability to submit an "organic" software package to RealmJoin for distribution via RealmJoin Client to specific users.
Organic packages contain raw and unprocessed application setups. When handling those, RealmJoin is used as a transport vehicle to move the zipped container to a specified location. Depending on its payload, the installer then has to be manually started by the user (if user mode) or a remote administrator or field service.
The software deployment will not be tested by RealmJoin.
The user gains the ability to submit a software packaging request to RealmJoin.
This does not grant permission to the package details or to subscribe to an app.
Given:
CanReadPackageStoreTable
Allow a user to inspect a package store offering. This does not grant permission to subscribe to an app.
Given:
CanReadPackageStoreDetails
Allow the user to subscribe to an offering from package store.
Given:
CanReadUserDetails
Given:
CanReadUserDetails
CanSeeRealmJoinUserSettings
Given:
CanReadUserDetails
Given:
CanReadUserDetails
These permissions allow a user to see Microsoft Entra user sign in information as JSON in a separate tab.
Given:
CanReadGroupDetails
The user gains the ability to add or remove members from groups.
Given:
CanReadGroupDetails
The user gains the ability to delete a group.
Given:
CanReadGroupDetails
The user gains the ability to change a group's display name.
Given:
CanReadGroupDetails
Given:
CanReadGroupDetails
Given:
CanReadGroupDetails
CanSeeRealmJoinGroupSettings
The user can trigger collecting "Extended Logs" for a device using RealmJoin Client .
The user can trigger a Defender for Endpoint scan for a Windows device.
The user can trigger an Intune sync for a managed Windows device.
Allow the user to assign a different primary user in RealmJoin.
Allow the user to see a device's Autopilot information (if present)
Allow the user to see a device's extended sec. info from Defender for Endpoint - if available.
Allow the user to see links to Intune, Microsoft Entra etc. Only useful if the user is allowed to use these portals.
CanSeeDeviceJsonAtp
CanSeeDeviceJsonAutopilot
CanSeeDeviceJsonAzureAD
CanSeeDeviceJsonIntune
CanSeeDeviceJsonRealmJoin
Allow the user to see network information for a device if available.
This will include "Delivery Optimization" information if available.
Allow the user to see RealmJoin Client details or a device.
Allow the use to see the Safeguard Holds for a device.
Safeguard Holds indicate that a Windows device can not upgrade to a newer version of Windows.
Allow the user to see a device's security state, especially device compliance.
RealmJoin Portal can pull security recommendations and vulnerabilities from the Microsoft Security Center. This permission allows a user to see these for a device respectively.
Allow the user to see the devices logged in user.
Be aware: If not given this permission, a user able to see the device's details can still see the device's owner.
Given:
Self Service Forms are enabled for your tenant
The user can see the list of available runbooks, limited by:
Object types (Users/Groups/Devices/Org) the user can see
This does not grant the right to actually start Runbook jobs.
The user can start Runbooks, if CanSeeRunbooks is given and the conditions listed there are met.
View the named areas of Workplace Cloud storage.
Upload resp. edit the named areas of Workplace Cloud storage.
Delete files in the named areas of Workplace Cloud storage.
User has access
The user gains read only access to Intune packages / .
User has access
The user gains read only access to RealmJoin Client packages / .
User has access to
User has access to
On RealmJoin Client Packages, the option to change will be shown and users can modify the settings.
User has access to
The user gains the ability to modify an app's command line arguments in .
User has access to
The user gains the ability to modify an settings ( = If and when newer versions of the package from the store will be automatically rolled out to existing users.)
User has access to
User has access to
The user gains the ability to modify an .
User has access to
The user gains the ability to modify an app's Technical App. Owners in .
User has access to
The user gains the ability to delete an app from a . This will not remove an app from the package store and will not trigger uninstallations on existing deployments.
The software will be packaged by RealmJoin and will become available for consumption through the .
The user gains access to the (Package Store List).
Allow to see additional, diagnostic JSON information for a package in or .
The user gains the ability to see the .
The user gains the ability to inspect an individual .
Allow the user to see/inspect assigned to a specific user.
Allow the user to add/modify/delete assigned to a specific user.
The user gains the ability to see the list of (across all users) from the .
The user gains the ability to inspect all ' details.
These permissions allow a user to see specific diagnostic information as JSON in separate tabs if "show advanced info" is enabled in .
The user gains the ability to see the list of all .
The user gains the ability to inspect an individual Microsoft Entra / RealmJoin internal .
Allow the user to see diagnostic metadata about a Microsoft Entra or RealmJoin internal group, if "Show advanced info" is enabled in .
Allow the user to see/inspect assigned to a specific group.
Allow the user to add/modify/delete assigned to a specific group.
The user gains the ability to see the list of (across all groups) from the .
The user gains the ability to inspect all ' details.
The user gains the ability to see the list of all .
The user gains the ability to inspect an individual .
These permissions allow a user to see specific diagnostic information as JSON in separate tabs if "show advanced info" is enabled in .
See .
Allow the user to use the for a device.
Allow the user to use / connect to a device using from RealmJoin Portal.
Allow the user to see / read the .
These permissions allow a user to see specific diagnostic information as JSON in separate tabs if "show advanced info" is enabled in .
The user can see the list of recent submissions.
The user can inspect individual submission details and contents.
User has access to
The user can create new or delete Self Service Forms in respectively.
Runbooks as limited by
If the user is able to see Runbooks, he/she can create/manage .
Allow a user to see the list.
Allow a user to inspect a item and output.
