Permission

Permissions
You can delegate access to different levels of functionality of RealmJoin Portal to different users based in AzureAD group- or role membership. 
To delegate/limit which runbooks can be used by different operators, please see Runbook Permissions - which is not covered here.
If these predefined roles are not meeting your requirements, you can request Custom Roles to be enabled for your environment to create additional, granular roles.
Admin Permissions
This will grant full administrative and configuration control over RealmJoin Portal. This includes:
Access to all features of User, Group and Device Management and Process Automation​
Access to all features of Application Management​
Full access to Settings, incl.
Modifying permissions / delegations
Onboarding/modifying Runbook integration
Modifying Runbooks permissions and customizing
Changing package automation defaults
Auditor Permissions
This will grant read-only access to all areas of RealmJoin Portal. 
Read-only access to all areas of User, Group and Device Management 
Read-only access to all features of Application Management​
Reading Runbook Job logs
This permissions does not include
Starting Runbooks 
Subscribing to apps/packages
Modifying group memberships / assignments
Access to Settings​
Supporter Permissions
This will grant:
Read-only access to all areas of User, Group and Device Management 
This permissions does not include
Subscribing to apps/packages
Modifying group memberships / assignments
Access to Settings​
Starting Runbooks or Read Runbook Job logs
Runbook Runner Permissions
This will grant:
Read-only access to all areas of User, Group and Device Management 
Starting Runbooks 
Reading Runbook Job logs
This permissions does not include
Subscribing to apps/packages
Modifying group memberships / assignments
Access to Settings​
This is the recommended permission to use for User/Device Supporter Roles.
Software Agent Permissions
This will grant:
Read-only access to User and Group Management​
Full access on application managent groups
Access to all features of Application Management​
This permissions does not include
Starting Runbooks 
Modifying group memberships / assignments other than through application manangent
​Device Management​
Access to Settings​
Software Requester Permissions
This allows a user to file a request to glueckkanja-gab for a new  software package to be created and offered in his organization / tenant.
Regular software requests will be processed by the "package as a service" team at glueckkanja-gab.
This permission does not include
Access to User, Group and Device Management 
Access to Application Management​
Starting Runbooks or reading Runbook Job logs
Access to Settings​
Organic Software Requester Permissions
This allows a user to automatically create a software package from uploaded sources in his organization / tenant.
No manual check by the "package as a service" team at glueckkanja-gab will be done on these packages.
This permission does not include
Access to User, Group and Device Management 
Access to Application Management​
Starting Runbooks or reading Runbook Job logs
Access to Settings​
Permission Defaults
Normal users will by default only have access to the About Me page to support self-service scenarios.
On initial onboarding, The AzureAD role "Global Admins" is also a RealmJoin Admin, so that initial configuration is possible. 

General

Groups

Last modified 2mo ago