You can make customized roles based on Assist functionality and assign those roles to your admins, giving them varying level of access to Workspace ONE Assist's main features, including Remote View and Share Screen.
Roles specific to Workspace ONE Assist work the same as roles in Workspace ONE UEM. Roles are made of one or more resources (or permissions). Permissions specific to Workspace ONE Assist are included in the same pool of Workspace ONE UEM permissions.
Remote View Session Elevation
A role with the right combination of permissions can give your admins the ability to elevate the current Assist session, allowing them to go from using one client tool to using another in the middle of a session.
For example, if you make a role with the Remote View and Remote Control permissions, and assign that role to an admin, then that admin can start a Remote View session, provided the host device supports such functionality, and elevate that session to a remote control session simply by using the Share Screen.
Such elevation reflects the natural progression of many Remote View sessions, where the admin completes an initial troubleshooting phase only to discover they require the full range of abilities afforded to them by the Share Screen client tool.
Assign Role Permissions for Workspace ONE Assist Client Tools
- In the Workspace ONE UEM console, navigate to . You must select between a) creating a new role and b) modifying an existing role.
- Create a New Role – Select the Add Role button. The Create Role screen displays. Complete the Name and Description options and proceed directly to step 2.
- Modify an Existing Role – From the roles listing, locate the role you want to edit, and select the edit icon () that appears to the left of the listing. The Edit Role screen displays.
- Select the Assist category, located in the left pane labeled Categories. All six Assist-related resources, or permissions, display in the right pane.
- Enable the Allow check box for the specific permission you want to apply to the role. There are six Assist-related permissions.
- Remote View – "read only" view of the host device with the Remote View client tool.
- Remote Control – "edit" view or full access to the Share Screen client tool.
- File Manager – full access to the Manage Files client tool.
- Registry Editor – full access to the Registry Editor client tool.
- Remote Shell – functionality includes both the Remote Shell client tool and the Command Line client tool.
- Unattended Access – provides access to only Windows 10 devices in unattended mode. Unattended access for Android and Windows Mobile devices is handled using their respective dedicated agents.
Note: The Unattended Access permission is enabled by default for the AirWatch Administrator and Console Administrator roles.
- Save the role.
- Next, you must assign the role to your administrator. Navigate to and locate the Administrator you want to assign the role to.
- Select the Edit icon () to the left of the administrator user name. The Add/Edit Admin screen displays.
- Select the Roles tab.
- Select the Add Role button. Two empty text boxes display, labeled Select Organization Group and Select Role.
- Fill the Select Organization Group text box with the organization group (OG) in your org structure you want this role assignment to apply.
Result: If your admin is in this OG or downline of this OG, then they gain the abilities of this role. If your admin moves above this OG, or upline of this OG, then they lose the abilities of this role. The higher the OG you select here, the more OGs your admin can apply the abilities of this role.
- Fill the Select Role text box with the name of the role from step 1.
You can repeat Steps 8 through 10 to assign as many roles to an admin as you want.
- Save the role assignment.