Administration Guide

Local Navigation

Administrative roles and permissions

You create roles for administrator accounts or assign preconfigured roles to administrator accounts so that you can specify what tasks an administrator can perform on the BlackBerry® Enterprise Server.

You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. Permissions specify the information that administrators can view and the tasks that they can perform using the BlackBerry® Administration Service and BlackBerry Monitoring Service. Each action that you perform in the BlackBerry Administration Service is associated with a specific permission. You can specify the actions that administrators can perform by changing the permission that you assign to administrative roles. For more information about performing specific tasks that are associated with the permissions, see the BlackBerry Enterprise Server Administration Guide. Roles do not apply to tasks that an administrator can perform using the BlackBerry Configuration Panel.

You can assign multiple roles to administrator accounts. If you assign multiple roles to an administrator account, the administrator is assigned all the permissions that are turned on for each of the roles.

You can also assign roles to groups and add administrator accounts to groups. This allows you to specify administrative role permissions at a group level instead of at an individual level. If the group contains BlackBerry device users, the roles are also assigned to the users and the users become administrators.

Preconfigured administrative roles

The BlackBerry® Enterprise Server installation process includes preconfigured administrative roles. You can use the preconfigured administrative roles in your organization's environment instead of creating customize administrative roles. Each preconfigured administrative role contains multiple permissions that are turned on. The preconfigured administrative roles make sure that users that do not have specific administrative permissions cannot escalate their permissions. For example, junior helpdesk administrators cannot escalate their roles to senior helpdesk administrator roles. You can configure additional permissions in the preconfigured administrative roles or turn off any of the permissions.

Permission name

Security role

Enterprise role

Senior Helpdesk role

Junior Helpdesk role

Server only role

User only role

Create a group

X

X

X

   

X

Delete a group

X

X

     

X

View a group (across Group)

X

X

X

X

 

X

Edit a group (across Group)

X

X

X

X

 

X

Create a user

X

X

X

   

X

Delete a user

X

X

X

   

X

View a user (across Group)

X

X

X

X

 

X

Edit a user (across Group)

X

X

X

X

 

X

View a device (across Group)

X

X

X

X

 

X

Edit a device (across Group)

X

X

X

X

 

X

View device activation settings

X

X

     

X

Edit device activation settings

X

X

     

X

Create an IT policy

X

X

     

X

Delete an IT policy

X

X

     

X

View an IT policy

X

X

X

X

 

X

Edit an IT policy

X

X

     

X

Import an IT policy

X

X

     

X

Export an IT policy

X

X

   

X

Create a user-defined IT policy template

X

X

     

X

Delete a user-defined IT policy template

X

X

     

X

Edit a user-defined IT policy template

X

X

     

X

Import an IT policy template

X

X

     

X

Resend data to devices

X

X

X

     

Create a software configuration

X

X

     

X

View a software configuration

X

X

X

X

 

X

Edit a software configuration

X

X

     

X

Delete a software configuration

X

X

     

X

View BlackBerry Administration Service software management

X

X

   

X

 

Edit BlackBerry Administration Service software management

X

X

       

Create an application

X

X

     

X

View an application

X

X

X

X

 

X

Edit an application

X

X

     

X

Delete an application

X

X

     

X

Create an administrator user

X

     

Specify an activation password

X

X

X

X

 

X

Generate an activation email

X

X

X

X

 

X

Assign the current device to a user

X

X

X

X

 

X

Turn off and on external services

X

X

X

   

X

Clear activation password

X

X

X

X

 

X

Clear synchronization backup data

X

X

X

   

X

Clear user statistics

X

X

X

X

 

X

Export statistics

X

X

     

X

Reset user field mapping

X

X

X

   

X

Turn on redirection

X

X

X

   

X

Turn off redirection

X

X

X

   

X

Refresh available user list from company directory

X

X

 

X

Add User from Company Directory

X

X

X

   

X

Synchronize GroupWise System Address Book

X

X

   

X

 

Clear and synchronize GroupWise System Address Book

X

X

   

X

 

View a server

X

X

   

X

 

Edit a server

X

X

   

X

 

View a component

X

X

   

X

 

Edit a component

X

X

   

X

 

View an instance

X

X

   

X

 

Edit an instance

X

X

   

X

 

Change the status of an instance

X

X

   

X

 

Edit an instance relationship

X

X

   

X

 

View a job

X

X

     

X

Edit a job

X

X

     

X

Manage deployment job tasks

X

X

     

X

Change the status of a job task

X

X

     

X

Update peer-to-peer encryption key

X

X

   

X

 

View job distribution settings

X

X

     

X

Edit job distribution settings

X

X

     

X

Delete an instance

X

X

   

X

 

Edit license keys

X

X

   

X

 

View license keys

X

X

   

X

 

Manually fail a job

X

X

     

X

Clear instance statistics

X

X

   

X

 

View push rules for the BlackBerry MDS Connection Service

X

X

X

X

X

X

View pull rules for the BlackBerry MDS Connection Service

X

X

X

X

 

X

Send message (across Group)

X

X

X

X

 

X

Create a role

X

     

X

Delete a role

X

       

X

View a role

X

X

     

X

Edit a role

X

       

X

Add or remove role

X

X

     

X

Import or export groups within roles

X

         

View BlackBerry Monitoring Service information

X

         

Edit BlackBerry Monitoring Service settings

X

         

Import new users

X

X

     

X

Import or export users

X

X

X

   

X

Import user updates

X

X

     

X

Import or export email message filters for a user

X

X

     

X

Export asset summary data

X

X

     

X

Add or remove to user configuration

X

X

X

   

X

Delete all device data and remove device

X

X

X

X

 

X

Delete only the organization data and remove device

X

X

X

X

 

X

Back To Top
Next topic: Creating roles

Was this information helpful? Send us your comments.