Creating administrator accounts for your application

When your application invokes an API, your application must provide an administrator account name and password for the BlackBerry® Administration Service to authenticate your application and authorize your application to use the API. Applications can use the same administrator account name and password that administrators use to log in to the BlackBerry Administration Service. You can provide the developers with the credentials of an existing administrator account or you can create a new account specifically for applications that use the BlackBerry® Administration API.

An application that uses the BlackBerry Administration API requires an administrator account that has the appropriate permissions. Permissions are associated with each task that an administrator, or an application, can perform in the BlackBerry Administration Service. If the administrator account that an application uses does not have the necessary permissions to complete an API request, the request is not completed. Make sure that your developers use administrator accounts that have the necessary permissions to perform the required tasks. The permissions for tasks that an administrator or application can perform are defined by the roles that are assigned to the administrator account.

For more information on the permissions that developers require to use a specific API, see the API reference for the BlackBerry Administration API.

Create a role

You can create a role for an administrator account if existing roles do not match the criteria that your organization specified for a type of administrator account. By default, when you create a role, all permissions are turned off.
  1. In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Role.
  2. Click Create a role.
  3. Type a name and description for the role.
  4. Click Save.
  5. In the Role information section, click the name of the role that you created.
  6. Click Edit role.
  7. Switch the appropriate tabs to turn on the appropriate permissions.
  8. Click Save all.
After you finish: Assign the role to an administrator account or group.

Create a role based on an existing role

To create a role for administrator accounts that is similar to an existing role, you can copy the existing role and make the appropriate changes to it.
  1. In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Role.
  2. Click Manage roles.
  3. In the list of existing roles, click the role that you want to copy.
  4. Click Copy role.
  5. Type a name and description for the role.
  6. Click Copy role.
  7. In the Role information section, click the name of the role that you created.
  8. Click Edit role.
  9. Switch the appropriate tabs to change the appropriate permissions.
  10. Click Save all.
After you finish: Assign the role to an administrator account or group.

Permissions for the BlackBerry Administration API

The functionality that is available in the BlackBerry Administration API might vary depending on the components that are installed on your BlackBerry® Enterprise Server. You might require additional permissions to those listed below. Some permissions and their associated BlackBerry Administration API methods might not be available on your BlackBerry Enterprise Server, which means that they do not appear in your BlackBerry Administration Service or WSDL files.

The following list describes the permissions that you require to access most of the methods that you might use in the BlackBerry Administration API.

Tab

Permission

Associated BlackBerry Administration API methods

User and device

Create a group

createGroup()

User and device

Delete a group

deleteGroup()

User and device

View a group

  • getUser()
  • findGroups()
  • findITPoliciesForGroup()
  • findUsers ()
  • getGroup()
  • setGroup()
  • setUser()
  • findSoftwareConfigurationsForGroup()

User and device

Edit a group

  • createUser()
  • createUsers()
  • addGroupToGroup()
  • addUserToGroup()
  • removeUserFromGroup()
  • removeGroupFromGroup()
  • setGroup()

User and device

Create a user

  • createUser()
  • createUsers()

User and device

Delete a user

  • deleteUsers()
  • deleteUser()

User and device

View a user

  • findSoftwareConfigurationsForUser()
  • findGroups()
  • findUsers()
  • findITPoliciesForUser()
  • findResolvedUserCapabilities()
  • findPersonalRedirectionFolderInformation()
  • gatherEnableBlackBerryUserAttributes()

User and device

Edit a user

  • createUser()
  • createUsers()
  • addUserToGroup()
  • removeUserFromGroup()
  • addUsersToGroup()
  • setUser()
  • disableBlackBerryServiceForUsers()
  • moveUser()
  • setPersonalRedirectionFolderInformation()

User and device

View a device

  • findUsers()
  • findDeviceForUser()
  • isKillHandheldPending()

User and device

Edit a device

  • setDevicePassword()
  • cancelKillHandheld()

User and device

View an IT Policy

  • findVPNConfigurations()
  • findITPoliciesForGroup()
  • findITPolicies()
  • findUsers ()
  • findITPoliciesForUser ()
  • getUser()
  • findWLANConfigurations()

User and device

Resend data to devices

  • resendReconciledApplicationsToUser()
  • resendPeerToPeerKeyToUser()
  • resendServiceBookToUsers()
  • resendServiceBookToUser()

User and device

View a software configuration

  • findSoftwareConfigurationsForUser()
  • findUsers()
  • findSoftwareConfigurationsForGroup()

User and device

Add or remove to user configuration

  • createUser()
  • createUsers()
  • detachSoftwareConfigurationFromUser()
  • detachSoftwareConfigurationFromGroup()
  • assignVPNConfigurationToUser()
  • unassignWLANConfigurationFromUser()
  • unassignVPNConfigurationFromUser()
  • assignWLANConfigurationToUser()
  • attachITPolicyToUser()

User and device

Specify activation password

  • setActivationPassword()
  • generateActivationPassword()
  • clearActivationPassword()

User and device

Turn on redirection

  • enableUserMailRedirection()
  • enableUsersMailRedirection()

User and device

Turn off redirection

  • enableUserMailRedirection()
  • enableUsersMailRedirection()

Topology

View a Server

findServerByHostName()

Topology

View a component

findServices()

Topology

View an Instance

  • findServiceInstancesByService()
  • findServiceInstancesByServer()

Topology

View rules for the BlackBerry MDS Connection Service

findUsers()

BlackBerry Administration Service setup

Send message

  • sendMessageToUser()
  • sendMessageToUsers()

BlackBerry Administration Service setup

View a role

  • findUsers()
  • findResolvedUserCapabilities()

BlackBerry Administration Service setup

Add or remove a role

findCapabilityDefinitions()

BlackBerry Administration Service setup

View BlackBerry Administration Service software management

  • findSoftwareConfigurations()
  • findSoftwareConfigurationApplications()

Organizations

View a group across organizations

  • setGroup()
  • findITPoliciesForGroup()
  • findGroups()
  • findUsers()
  • getUser()
  • removeUserFromGroup()
  • setUser()
  • findSoftwareConfigurationsForGroup()

Organizations

Edit a group across organizations

  • createUser()
  • createUsers()
  • addUserToGroup()
  • setGroup()
  • removeGroupFromGroup()
  • setUser()

Organizations

Add or remove a role across organizatons

findCapabilityDefinitions()

Organizations

View a device across organizations

  • findUsers()
  • findDeviceForUser()
  • isKillHandheldPending()

Organizations

Edit a device across organizations

  • setDevicePassword()
  • cancelKillHandheld()

For more information about the permission requirements for a specific API, see the API reference for the BlackBerry Administration API.

Create an administrator account

You create an account for administrators to enable them to log in to the BlackBerry® Administration Service and manage the BlackBerry® Enterprise Server. You create an administrator account and assign the account to one or more administrator roles. The roles control the actions that an administrator can perform in the BlackBerry Administration Service.
Before you begin: Verify that you can configure the authentication type and roles for an administrator account.
  1. In the BlackBerry® Administration Service, on the BlackBerry solution management menu, expand Administrator user.
  2. Click Create an administrator user.
  3. Type the required information.
  4. In the Role drop-down list, click the role that you want to assign to the administrator account.
  5. Click Create an administrator user.
After you finish: To configure the administrator account, provide the login information to the administrator and add the administrator account to a group or assign additional roles to the administrator account.

Was this information helpful? Send us your comments.