|Application Management ||Access to any activities that originate on the Apps page, such as the ability to add, modify, or remove applications. From the Application Settings dialog box, this right also grants the ability to change which roles are assigned to a specific application. |
|User Management ||Permission to use the Add User and Bulk User Import buttons to add users and modify CUS user properties.|
Use of all the commands that originate from the Devices page except the following:
Samsung devices only:
The purpose of this permission is to provide limited device management rights to, for example, helpdesk staff. This allows users with this permission to help users but prevents them from performing any destructive actions to a device or a container.
Use of all the commands that originate from the Devices page, such as the ability to update policies, lock, reset the passcode, wipe, unenroll, delete, or view device details.
Note: The user must have the Device Management permission to run the APNS Certificate, Mass Deployment, and Exchange ActiveSync Server Settings options on the Settings page in Cloud Manager.
|Read Only System Administrator||
Access to all of the Cloud Manager tabs, however, the user cannot make any changes. An error message is displayed when the user attempts to save the change.
Note: If you enable read-only access for a support technician, the identity platform creates a temporary account that is add as a member to this role. See Enabling read-only access for Centrify support for the details.
|Register Cloud Connectors||
Register a Centrify cloud connector in your identity platform account.
During the cloud connector installation, the wizard prompts you to enter the account of a user that has the Register cloud connectors right. This must be a Centrify user service account. Make sure the account you specify is a member of a role with this permission.
If this is the only permission for a role, members can open Cloud Manager, however, the pages for all of the tabs except for Settings are blank.
|Report Management ||Create, delete, and run reports. |
|Role Management ||Access to any activities that originate on the Roles page, such as the ability to add, modify, or delete roles; this includes the ability to assign rights. |
|Privilege Management||Access to all of the Privilege Manager tabs and permissions to view, add, and remove resources and accounts in the Centrify privilege service. Users with this right can also grant permissions to other users for the specific resources and accounts they add to the Centrify privilege service.|
|Privilege Management (Limited)||Access to all of the Privilege Manager tabs and permissions to view resources and accounts where they have been granted permissions. Users with this right cannot add any resources or account information to the Centrify privilege service.|