The Workspace ONE ™ UEM console allows you to define access levels for individual users or groups based on the roles you created during the user enrollment process.

For example, help desk administrators within your enterprise may have limited access within the console, while the IT Manager has a greater range of permissions.

To enable role-based access control, you must first set up the administrator and user roles within the UEM console. Specific resources, also known as permissions, define these roles which enable and disable access to various features within the UEM console. Roles can also be created for end users who need access to the Self-Service Portal.

Since roles (and specifically resources or permissions) determine what users and admins can and cannot do in the console, care must be taken to grant the correct resources or permissions. For example, if you require your admins to enter a note before a device can be enterprise wiped, be sure that role has the permissions not only to enterprise wipe a device but also to add a note.

Default and Custom Roles

Each Workspace ONE UEM installation includes default roles for both users and administrators. You can use these roles as a template to create your own customized roles that better suit the needs of your organization. For more information, see Default and Custom Roles.

User Roles

Take control of what your users can and cannot do with user roles. For more information, see User Roles.

Admin Roles

Grant your administrators as much or as little control in Workspace ONE UEM as your organization needs. For more information, see Admin Roles.

Compare Two Admin Roles

You can compare the permissions of one administrator role with another for the sake of accuracy or to confirm deliberate permissions differences. For more information, see Compare Admin Roles.