A ZENworks administrator’s rights control which administrative tasks he or she can perform in the Management Zone. There are 23 categories of rights:
|
Administrator |
Device |
Location |
Subscriptions |
|
Apple DEP Device |
Discovery |
Patch Device |
System Update |
|
Bundle |
Document |
Patch Zone |
User |
|
Contract Management |
Inventoried Device |
Policy |
User Source |
|
Credential |
LDAP Import |
Remote Management |
ZENworks User Group |
|
Deployment |
License Management |
Sharing |
Zone |
Each rights category contains multiple rights that provide granular control of administrative tasks related to the category. For example, the Bundle Rights category includes the following rights:
|
View Leaf |
Modify Group Membership |
Author |
Assign Bundles |
|
Modify Groups |
Modify Folders |
Publish |
View Audit Logs |
|
Create/Delete Groups |
Create/Delete Folders |
Modify Settings |
View Audit Events |
Each right has two settings: Allow and Deny. Depending on the setting that is selected, the administrator is either allowed to perform the administrative task controlled by the right or not allowed to perform the task.
When you assign rights, you assign the entire rights category and specify the context in which the rights applies. For example, when you assign the Bundle Rights, you would configure each individual bundle right setting (Assign Bundles, Author, Publish, and so forth) to either Allow or Deny, and then specify the context to which the rights apply. In the case of Bundle Rights, the rights could be applied to the Bundles root folder or to any subfolders within the root folder. Some rights, such as Administrator Rights and Discovery Rights, apply only to the Management Zone, so their contexts are automatically set to zone.
For detailed descriptions of all rights, see Section 7.0, Rights Descriptions.