You can make roles that grant specific kinds of access to the Workspace ONE UEM powered by AirWatch. You define roles for individual users and groups based on UEM console access levels you find useful.

For example, help desk administrators within your enterprise might have limited access within the console, while the IT Manager has a greater range of permissions.

To enable role-based access control, you must first set up the administrator and user roles within the UEM console. Specific resources, also known as permissions, define these roles which enable and disable access to various features within the UEM console. Roles can also be created for end users who need access to the Self-Service Portal.

Since roles (and specifically resources or permissions) determine what users and admins can and cannot do in the UEM console, care must be taken to grant the correct resources or permissions. For example, if you require admins enter a note before a device can be enterprise wiped, the role must not only have the permissions to enterprise wipe a device but also add a note.

Roles are important to maintain the security of your device fleet. An example of this is the creation of staging users, which is an elevated level administrator privilege. Treat staging user credentials the same as administrator privileges and do not disclose the user credentials.

Making Admin Role Changes Effective

If you edit a role that is in use by an administrator, the edit does not apply until the administrator logs out and then logs back in.

Compare Two Admin Roles

You can compare the permissions of one administrator role with another for the sake of accuracy or to confirm and maintain deliberate permissions differences. For more information, see Compare Admin Roles.