Administration Guide

Local Navigation

Administrative roles and permissions

You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry® Enterprise Server.

You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. Permissions specify the information that administrators can view and the tasks that they can perform using the BlackBerry® Administration Service and BlackBerry Monitoring Service. Each action that you perform in the BlackBerry Administration Service is associated with a specific permission. You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. For more information about performing specific tasks that are associated with the permissions, see the BlackBerry Enterprise Server Administration Guide. Roles do not apply to tasks that an administrator can perform using the BlackBerry Configuration Panel.

You can assign multiple roles to administrator accounts. If you assign multiple roles to an administrator account, the administrator is assigned all the permissions that are turned on for each of the roles.

You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.

Preconfigured administrative roles

The BlackBerry® Enterprise Server installation includes preconfigured administrative roles. You can use the preconfigured administrative roles in your organization's environment instead of creating administrative roles. Each preconfigured administrative role contains multiple permissions that are turned on. You can configure additional permissions in the preconfigured administrative roles or turn off any of the permissions that are displayed in the following table:

Permission name

Security role

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

User only role

Create a group

X

X

X

   

X

Delete a group

X

X

     

X

View a group (across Group)

X

X

X

X

 

X

Edit a group (across Group)

X

X

X

X

 

X

Create a user

X

X

X

   

X

Delete a user

X

X

X

   

X

View a user (across Group)

X

X

X

X

 

X

Edit a user (across Group)

X

X

X

X

 

X

View a device (across Group)

X

X

X

X

 

X

Edit a device (across Group)

X

X

X

X

 

X

View device activation settings

X

X

     

X

Edit device activation settings

X

X

     

X

Create an IT policy

X

X

     

X

Delete an IT policy

X

X

     

X

View an IT policy

X

X

X

X

 

X

Edit an IT policy

X

X

     

X

Import an IT policy

X

X

     

X

Export a data file

X

X

   

X

X

Create a user-defined IT policy template

X

X

     

X

Delete a user-defined IT policy template

X

X

     

X

Edit a user-defined IT policy template

X

X

     

X

Import an IT policy template

X

X

     

X

Create a software configuration

X

X

     

X

View a software configuration

X

X

X

X

 

X

Edit a software configuration

X

X

     

X

Delete a software configuration

X

X

     

X

Create an application

X

X

     

X

View an application

X

X

X

X

 

X

Edit an application

X

X

     

X

Delete an application

X

X

     

X

Create an administrator user

X

X

     

X

Specify an activation password

X

X

X

X

 

X

Generate an activation email

X

X

       
Assign the current device to a user

X

X

       

Turn off and on external services

X

X

X

   

X

Clear activation password

X

X

X

X

 

X

Clear synchronization backup data

X

X

X

   

X

Clear user statistics

X

X

X

X

 

X

Reset user field mapping

X

X

X

   

X

Turn on redirection

X

X

X

   

X

Turn off redirection

X

X

X

   

X

Refresh available user list from company directory

X

X

X

 

X

X

Synchronize GroupWise System Address Book

X

X

   

X

 

Clear and synchronize GroupWise System Address Book

X

X

   

X

 

View a server

X

X

   

X

 

Edit a server

X

X

   

X

 

View a component

X

X

   

X

 

Edit a component

X

X

   

X

 

View an instance

X

X

   

X

 

Edit an instance

X

X

   

X

 

Change the status of an instance

X

X

   

X

 

Edit an instance relationship

X

X

   

X

 

View a job

X

X

     

X

Edit a job

X

X

     

X

View default distribution settings for a job

X

X

     

X

Edit default distribution settings for a job

X

X

     

X

Update peer-to-peer encryption key

X

X

   

X

 

View job distribution settings

X

X

     

X

Edit job distribution settings

X

X

     

X

Delete an instance

X

X

   

X

 

Edit license keys

X

X

   

X

 

License key view

X

X

   

X

 

Manually fail a job

X

X

     

X

Clear instance statistics

X

X

   

X

 

Clear statistics for a BlackBerry MDS Connection Service instance

X

X

   

X

 

View push rules for the BlackBerry MDS Connection Service

X

X

X

X

X

X

View pull rules for the BlackBerry MDS Connection Service

X

X

X

X

 

X

Send message (across Group)

X

X

X

X

 

X

Create a role

X

     

X

Delete a role

X

       

X

View a role

X

X

     

X

Edit a role

X

       

X

Add and remove a role (across Group)

X

X

     

X

View a group across organizations

           

Edit a group across organizations

           

Add and remove a role across organizations

           

View a device across organizations

           

Edit a device across organizations

           

Register an event notification

           

Create an event notification

           

Edit a BlackBerry Administration Service timer

           

View BlackBerry Monitoring Service information

           

Edit BlackBerry Monitoring Service settings

           
Next topic: Creating roles

Was this information helpful? Send us your comments.