LogoLogo
LogoLogo
  • Welcome
    • Navigation
  • RealmJoin Deployment
    • Onboarding
    • Required Permissions
    • Infrastructure Considerations
      • Multi User Devices
    • Migration to RealmJoin vNext
  • User, Group and Device Management
    • Overview
    • User Profile
    • Organization Details
    • User, Group and Device Lists
      • Advanced Search
      • User Details
      • Group Details
      • Device Details
    • User and Group Settings
      • Available RealmJoin Policies
  • App Management
    • Packages
      • Package Store
        • Application Store Details
      • Package Management
      • Package Details
      • Package Assignments
        • Package Migration
      • Package Settings
      • Packaging Requests
        • Organic Packages
    • AVD Templates
  • Automation
    • Connecting Azure Automation
      • Required Permissions
      • Runbook Parameters
    • Runbooks
      • Runbook Customization
      • Runbook Permissions
      • Naming Conventions
      • Runbook Scheduling
      • Runbook Logs
        • Runbook Job Details
      • Runbooks Changelog
    • Requirements
    • Remediation Scripts
  • RealmJoin Agent
    • Features
      • Local Admin Password Solution (LAPS)
        • KeyVault
        • Application Insights
      • Notifications
      • AnyDesk Integration
        • AnyDesk configuration
      • App Deployment using the Agent
        • RealmJoin ESP
    • Deploying the Agent
    • User Interface
  • Logs
    • Connecting Azure Log Analytics Workspace
    • Audit Log
  • RealmJoin Settings
    • Overview
    • General
    • Roles and Permissions
      • Pre-defined Roles
      • Custom Roles
        • Available Permissions
    • Group Namespaces
    • Workplace Cloud Storage
    • Self Service Forms
  • Developer Reference
    • RealmJoin API
      • Authentication
    • Interacting with Runbooks
    • Simulating a Runbook Environment
    • Local Admin Password Management
  • Other
    • FAQ
      • Security
    • Troubleshooting
      • Package Installation Issues
        • Collecting Logfiles
        • Logfiles Structure
        • Analysing chocolatey.log
        • Troubleshooting failed chocolatey packages
        • Troubleshooting failed craft packages
        • Fixes for common issues
        • Intunewin Debugging
      • LAPS Issues
        • LAPS account passwords cannot be retrieved
        • Requested LAPS Accounts are not being created
    • Changelog
  • Legal
    • Licensing
    • Support
  • RealmJoin Website
Powered by GitBook
On this page
  • Usage
  • Available roles
  • Admin Permissions
  • Auditor Permissions
  • Supporter Permissions
  • Runbook Runner Permissions
  • Software Agent Permissions
  • Software Requester Permissions
  • Organic Software Requester Permissions
  • Notification Agent Permissions

Was this helpful?

Edit on GitHub
  1. RealmJoin Settings
  2. Roles and Permissions

Pre-defined Roles

Last updated 22 days ago

Was this helpful?

Usage

All pre-defined roles can be assigned to one or multiple Entra groups. If wanted, you can manage those groups via Microsoft Entra Privileged Identity Management (e.g. implement just-in-time privileged access with approval mechanisms).

Simply click on "[x] groups" and add or remove the desired Entra groups.

Available roles

Admin Permissions

This will grant full administrative and configuration control over RealmJoin Portal. This includes e.g.:

    • Modifying permissions / delegations

    • Onboarding/modifying Runbook integration

    • Modifying Runbooks permissions and customizing

    • Changing package automation defaults

  • Retrieval of LAPS credentials

  • Manage Workplace Cloud Storage

Auditor Permissions

This will grant read-only access to all areas of RealmJoin Portal.

  • Reading Runbook Job logs

This permission does not include:

  • Starting Runbooks

  • Subscribing to apps/packages

  • Modifying group memberships / assignments

  • Retrieval of LAPS credentials

If you combine Auditor with roles from down below, retrieval of LAPS credentials will not be possible.

Supporter Permissions

This will grant:

  • Initiate remote support sessions

  • Retrieval of LAPS credentials

  • Sync/scan device

  • Request device logs

This permission does not include:

  • Subscribing to apps/packages

  • Modifying group memberships / assignments

  • Starting Runbooks or Read Runbook Job logs

Runbook Runner Permissions

This will grant:

  • Starting Runbooks

  • Reading Runbook Job logs

This permission does not include:

  • Subscribing to apps/packages

  • Modifying group memberships / assignments

Software Agent Permissions

This will grant:

    • Full access on application management groups

This permission does not include:

  • Starting Runbooks

  • Modifying group memberships / assignments other than through application management

Software Requester Permissions

This allows a user to file a request to RealmJoin for a new software package to be created and offered in his organization / tenant. Regular software requests will be processed by the "package as a service" team at RealmJoin.

This permission does not include:

  • Starting Runbooks or reading Runbook Job logs

Organic Software Requester Permissions

This allows a user to automatically create a software package from uploaded sources in his organization / tenant. No manual check by the "package as a service" team at RealmJoin will be done on these packages.

This permission does not include:

  • Starting Runbooks or reading Runbook Job logs

Notification Agent Permissions

This allows a user to create and publish notifications.

This permission does not include:

  • Starting Runbooks or reading Runbook Job logs

Access to all features of and

Access to all features of

Full access to including:

Read-only access to all areas of

Read-only access to all features of

Access to

Read-only access to all areas of

Access to

Read-only access to all areas of

Access to

Read-only access to

Access to all features of

Access to

Access to

Access to

Access to

Access to

Access to

Access to

Access to

Access to

Access to

User, Group and Device Management
Process Automation
Application Management
Settings
User, Group and Device Management
Application Management
Settings
User, Group and Device Management
Settings
User, Group and Device Management
Settings
User and Group Management
Application Management
Device Management
Settings
User, Group and Device Management
Application Management
Settings
User, Group and Device Management
Application Management
Settings
User, Group and Device Management
Application Management
Settings