Pre-defined Roles
Last updated
Was this helpful?
Last updated
Was this helpful?
All pre-defined roles can be assigned to one or multiple Entra groups. If wanted, you can manage those groups via Microsoft Entra Privileged Identity Management (e.g. implement just-in-time privileged access with approval mechanisms).
Simply click on "[x] groups" and add or remove the desired Entra groups.
This will grant full administrative and configuration control over RealmJoin Portal. This includes e.g.:
Modifying permissions / delegations
Onboarding/modifying Runbook integration
Modifying Runbooks permissions and customizing
Changing package automation defaults
Retrieval of LAPS credentials
Manage Workplace Cloud Storage
This will grant read-only access to all areas of RealmJoin Portal.
Reading Runbook Job logs
This permission does not include:
Starting Runbooks
Subscribing to apps/packages
Modifying group memberships / assignments
Retrieval of LAPS credentials
This will grant:
Initiate remote support sessions
Retrieval of LAPS credentials
Sync/scan device
Request device logs
This permission does not include:
Subscribing to apps/packages
Modifying group memberships / assignments
Starting Runbooks or Read Runbook Job logs
This will grant:
Starting Runbooks
Reading Runbook Job logs
This permission does not include:
Subscribing to apps/packages
Modifying group memberships / assignments
This will grant:
Full access on application management groups
This permission does not include:
Starting Runbooks
Modifying group memberships / assignments other than through application management
This allows a user to file a request to RealmJoin for a new software package to be created and offered in his organization / tenant. Regular software requests will be processed by the "package as a service" team at RealmJoin.
This permission does not include:
Starting Runbooks or reading Runbook Job logs
This allows a user to automatically create a software package from uploaded sources in his organization / tenant. No manual check by the "package as a service" team at RealmJoin will be done on these packages.
This permission does not include:
Starting Runbooks or reading Runbook Job logs
This allows a user to create and publish notifications.
This permission does not include:
Starting Runbooks or reading Runbook Job logs
Access to all features of and
Access to all features of
Full access to including:
Read-only access to all areas of
Read-only access to all features of
Access to
Read-only access to all areas of
Access to
Read-only access to all areas of
Access to
Read-only access to
Access to all features of
Access to
Access to
Access to
Access to
Access to
Access to
Access to
Access to
Access to
Access to
