Permission
You can delegate access to different levels of functionality of RealmJoin Portal to different users based in AzureAD group- or role membership.
To delegate/limit which runbooks can be used by different operators, please see Runbook Permissions - which is not covered here.
If these predefined roles are not meeting your requirements, you can request Custom Roles to be enabled for your environment to create additional, granular roles.
This will grant full administrative and configuration control over RealmJoin Portal. This includes:
- Modifying permissions / delegations
- Onboarding/modifying Runbook integration
- Modifying Runbooks permissions and customizing
- Changing package automation defaults
This will grant read-only access to all areas of RealmJoin Portal.
- Reading Runbook Job logs
This permissions does not include
- Starting Runbooks
- Subscribing to apps/packages
- Modifying group memberships / assignments
This will grant:
This permissions does not include
- Subscribing to apps/packages
- Modifying group memberships / assignments
- Starting Runbooks or Read Runbook Job logs
This will grant:
- Starting Runbooks
- Reading Runbook Job logs
This permissions does not include
- Subscribing to apps/packages
- Modifying group memberships / assignments
This is the recommended permission to use for User/Device Supporter Roles.
This will grant:
- Full access on application managent groups
This permissions does not include
- Starting Runbooks
- Modifying group memberships / assignments other than through application manangent
This allows a user to file a request to glueckkanja-gab for a new software package to be created and offered in his organization / tenant.
Regular software requests will be processed by the "package as a service" team at glueckkanja-gab.
This permission does not include
- Starting Runbooks or reading Runbook Job logs
This allows a user to automatically create a software package from uploaded sources in his organization / tenant.
No manual check by the "package as a service" team at glueckkanja-gab will be done on these packages.
This permission does not include
- Starting Runbooks or reading Runbook Job logs
Normal users will by default only have access to the About Me page to support self-service scenarios.
On initial onboarding, The AzureAD role "Global Admins" is also a RealmJoin Admin, so that initial configuration is possible.
Last modified 2mo ago