Access rights and permissions

Overview

Nexthink users have the right to see and manage content depending on their profile and assigned roles. The definition of a profile includes the account type, view domains, mandatory roles, and other settings that determine the permissions of the users for managing content and performing system administration tasks.

The following tables display the access rights of the different types of users to the features of the product, including all the additional requirements to their profile or roles -when needed.

System management

FeatureMain administratorCentral administratorUser

Manage accounts

Ok

Ok

No

Manage profiles

Ok

Ok

No

Manage roles

Ok

Ok

No

Manage hierarchies

Ok

Ok

No

Manage entities

Ok

Ok

No

Manage engines

Ok

Ok

No

Manage appliance

Ok

Ok

No

Manage license

Ok

Ok

No

Portal content

FeatureMain administratorCentral administratorUser

Create modules and dashboards

Ok

Ok

Profile

View published modules

Ok

Ok

Roles

Manage published modules

Ok

Ok

Non-admin

Manage service alerts

Ok

Ok

No

Profile

Normal users can create modules if the option Allow creation of personal dashboards is checked in the definition of their profile. Additionally, normal users can publish their modules if the option Allow publication of modules is checked in their profiles.

Roles

Normal users can see the published modules included in their roles only.

Non-admin

Normal users can only manage the modules that they can see and have been created by themselves or by other normal (non-admin) users.

Finder and Engine content

FeatureMain administratorCentral administratorUser

Access to the Finder

Ok

Profile1

Profile1

Manage categories, services, metrics, global alerts, import and export content

Ok

Profile2

Profile2

Manually tag objects

Ok

Profile3

Profile3

Web API (NXQL)

Ok

Profile4

Profile4

Management of Collector

Ok

Profile5

Profile5

Editing (and manual triggering) of campaigns

Ok

Profile6

Profile6

Editing of remote actions

Ok

Profile7

Profile7

Execution of remote actions

Ok

Profile8

Profile8

Profile1

The main administrator has the access to the Finder granted by default. Other users must have the option Finder access checked in the definition of their profile.

Profile2

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to manage categories, services, metrics, scores, global alerts, as well as import and export content and manually synchronize users and devices with AD, if they have the suboption Allow system configuration checked, in addition to the Finder access option, in the definition of their profile.

Profile3

Users other than the main administrator can tag objects and edit applications if they have the suboption Allow editing of applications and object tags checked, in addition to the Finder access option, in the definition of their profile.

Profile4

Users other than the main administrator can access the Web API V2 (make requests to the Engine written in the NXQL language) if they have their Data privacy set to none (full access) and the option Finder access enabled in the definition of their profile.

Profile5

Users other than the main administrator are able to supervise the installation of the Collector with the Updater from the Finder if they have the suboption Allow management of Collectors checked in their profile.

Profile6

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to edit and publish campaigns, if they have the suboption Allow editing of campaigns checked, in addition to the Finder access option, in the definition of their profile. For campaigns that target users manually, this profile enables the manual triggering of campaigns.

Profile7

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to edit remote actions, if they have the suboption Allow editing of remote actions checked, in addition to the Finder access option, in the definition of their profile.

Profile8

Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to execute remote actions if, in addition to the Finder access option, they have either the suboption Allow editing of remote actions checked or the remote actions included as roles in the definition of their profile.


RELATED TASK

Last updated