Access rights and permissions

Overview

Nexthink users have the right to see and manage content depending on their profile and assigned roles. The definition of a profile includes the account type, view domains, mandatory roles, and other settings that determine the permissions of the users for managing content and performing system administration tasks.

The following tables display the access rights of the different types of users to the features of the product, including all the additional requirements to their profile or roles -when needed.

System management

Portal content

Profile

Normal users can create modules if the option Allow creation of personal dashboards is checked in the definition of their profile. Additionally, normal users can publish their modules if the option Allow publication of modules is checked in their profiles.

Roles

Normal users can see the published modules included in their roles only.

Non-admin

Normal users can only manage the modules that they can see and have been created by themselves or by other normal (non-admin) users.

Finder and Engine content

Profile1

The main administrator has the access to the Finder granted by default. Other users must have the option Finder access checked in the definition of their profile.

Profile2

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to manage categories, services, metrics, scores, global alerts, as well as import and export content and manually synchronize users and devices with AD, if they have the suboption Allow system configuration checked, in addition to the Finder access option, in the definition of their profile.

Profile3

Users other than the main administrator can tag objects and edit applications if they have the suboption Allow editing of applications and object tags checked, in addition to the Finder access option, in the definition of their profile.

Profile4

Users other than the main administrator can access the Web API V2 (make requests to the Engine written in the NXQL language) if they have their Data privacy set to none (full access) and the option Finder access enabled in the definition of their profile.

Profile5

Users other than the main administrator are able to supervise the installation of the Collector with the Updater from the Finder if they have the suboption Allow management of Collectors checked in their profile.

Profile6

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to edit and publish campaigns, if they have the suboption Allow editing of campaigns checked, in addition to the Finder access option, in the definition of their profile. For campaigns that target users manually, this profile enables the manual triggering of campaigns.

Profile7

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to edit remote actions, if they have the suboption Allow editing of remote actions checked, in addition to the Finder access option, in the definition of their profile.

Profile8

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to execute remote actions if, in addition to the Finder access option, they have either the suboption Allow editing of remote actions checked or the remote actions included as roles in the definition of their profile.

RELATED TASK

• Adding users