Fine-tuning user group permissions allows you to reconsider who inside your organization can edit certain groups. For example, if your organization has a user group for company executives, you might not want lower-level administrators to have management permissions for that user group.
- Navigate to .
- Select the Edit icon of an existing user group row.
- Select the Permissions tab, then select Add.
- Select the Organization Group you want to define permissions for.
You must select an organization group (OG) that is within the root OG hierarchy of the user group.
- Select the Permissions you want to enable.
- Manage Group (Edit/Delete) – Activate the ability to edit and delete user groups.
- Manage Users Within Group and Allow Enrollment – Manage users within the user group and to allow a device enrollment in the OG. This setting can only be enabled when Manage Group (Edit/Delete) is also enabled. If Manage Group (Edit/Delete) is disabled, then this setting is also disabled.
- Use Group For Assignment – Use the group to assign security policies and enterprise resources to devices. This setting can only be changed if Manage Group (Edit/Delete) is disabled. If Manage Group (Edit/Delete) is enabled, then this setting becomes locked and uneditable.
- This setting is disabled when the user group is managed by a parent OG and you want to assign the group from one of its children OGs.
- Select the Scope of these permissions, that is, which groups of administrators are allowed to manage or use this user group. Only one of the following options may be active.
- Administrator Only – The permissions affect only those administrators at the parent OG.
- All Administrators at or below this Organization Group – The permissions affect the administrators in the OG and all administrators in all child OGs underneath.
- Select Save.