The following roles are available by default to administrators in the AirWatch Console. Use the Admin Role Compare tool to compare the specific permissions of two admin roles. For more information, see Compare Admin Roles.

Role Description

System Administrator

The System Administrator role provides complete access to an AirWatch environment. This role includes access to the Password and Security settings, Session Management, and AirWatch Console audit information. This information is located the Administration tab under System Configuration. This role is not available for Software as a Service (SaaS) customers.

Device Manager

The Device Manager role grants users significant access to the AirWatch Console. However, this role is not designed to configure most System Configurations. These configurations include Active Directory (AD)/Lightweight Directory Access Protocol (LDAP), Simple Mail Transfer Protocol (SMTP), Agents, and so on. For these tasks, use a top-tier role like the AirWatch Administrator or System Administrator.

Report Viewer

The Report Viewer role allows viewing of the data captured through Mobile Device Management (MDM). This role limits its users to generating, viewing, exporting, and subscribing to reports from the AirWatch Console.

AirWatch Administrator

The AirWatch Administrator role allows comprehensive access to the AirWatch environment. However, this access excludes the Administration tab under System Configuration, because that tab manages top-level AirWatch Console settings.

Read Only

The Read Only role provides access to most of the AirWatch Console, but limits access to read-only status. Use this role to audit or record the settings in an AirWatch environment. This role is not useful for system operators or administrators.

Content Management

The Content Management role only includes access to VMware Content Locker management. Use this role for specialized administrators responsible for uploading and managing a device content.

Application Management

The Application Management role allows admins with this access to deploy and manage the device fleet's internal and public apps. Use this role for an application management administrator.

Help Desk

The Help Desk role provides the tools necessary for most Level 1 IT Help Desk functions. The primary tool available in this role is the ability to see and respond to device info with remote actions. However, this role also contains report viewing and device searching abilities.

App Catalog Only Administrator The App Catalog Only Admin role has much the same permissions as Application Management. Added to these permissions are abilities to add and maintain admin and user accounts, admin and user groups, device details, and tags.
Horizon Administrator The Horizon Administrator role is a specially designed set of permissions for complementing an AirWatch configuration integrated with VMware Horizon View.
NSX Administrator The NSX Administrator role is a specially designed set of permissions intended to complement VMware NSX integrated with AirWatch. This role offers the full complement of system and certificate management permissions, allowing administrators to bridge endpoint security with data center security.
Privacy Officer The Privacy Officer role provides read access to Hub Overview, Device List View, View system settings, and full edit permissions for privacy settings.