Permissions in Detail
Here is the list of available permissions you can assign to Action1 roles.
Permissions
Approve Updates
Manage Advanced Settings
Manage Automations
Manage Data Sources
Manage Endpoint Attributes
Manage Endpoints
Manage Enterprise
Manage Organizations
Manage Reports
Manage Roles
Manage Scripts
Manage Software Repository
Manage Users
Manage Vulnerabilities
Remote Connect
Use Scripts
View Audit Trail
View Automations and History
View Dashboards
View Endpoints
View Installed Software
View Reports
View Software Repository
View Updates
View Vulnerabilities
Description
Allow approving updates
View, create, modify, and delete advanced settings in the specified scope.
View, create, modify, and delete automations, view automation history, stop running automations in the specified scope. View updates, installed software, software repository packages, and endpoints in that scope. Use "Deactivate Updates in Windows Settings" script.
View, create, modify, and delete data sources.
Modify endpoint attributes in the specified scope.
View endpoints, their logs and groups, move endpoints between organizations, remove endpoints, manage endpoint attributes. View Action1 Deployer and manage its settings for agent deployment in the specified scope.
View Action1 enterprise subscription license details and usage information. Modify enterprise configuration. Request Action1 account closure or revoke such request. Request a license quote. Start a trial.
View, create, modify, and delete Action1 organizations, and view their license usages in the specified scope.
View, create, modify, and delete reports and alerts. View data sources in the specified scope.
View, create, modify, and delete roles in the specified scope.
View, create, modify, and delete scripts in the Script Library, and use any script in Run Script automations or in Additional actions of software repository packages.
View, create, modify, and delete software repository packages and their versions in the specified scope.
View, create, modify, and delete users.
View vulnerabilities and remediate them in the specified scope.
Connect to remote desktop in the specified scope.
View scripts in the Script Library in the specified scope. Include scripts from the Script Library or ad-hoc scripts in Run Script automations or in Additional actions of software repository packages.
View audit trail. View users.
View automations and their history (instances) in the specified scope.
View dashboards endpoints, updates, vulnerabilities, installed software, and SLA (advanced settings) in the specified scope.
View endpoints and their details (including missing updates, vulnerabilities, installed software, and automation history) in the specified scope.
View installed software in the specified scope.
View reports and alerts. Refresh reports to populate them with live data in the specified scope.
View software repository packages and their versions in the specified scope.
View updates in the specified scope.
View vulnerabilities and CVE descriptions in the specified scope.
Permission scope
Enterprise, Organization
Enterprise, Advanced Setting Template, Organization
Enterprise, Organization, Group
Enterprise
Enterprise, Organization, Group
Enterprise, Organization
Enterprise
Enterprise, Organization
Enterprise, Organization
Enterprise, Organization
Enterprise
Enterprise, Organization
Enterprise
Enterprise, Organization
Enterprise, Organization, Group
Enterprise, Script, Ad Hoc Script
Enterprise
Enterprise, Organization
Enterprise, Organization
Enterprise, Organization, Group
Enterprise, Organization
Enterprise, Organization, Report
Enterprise, Organization
Enterprise, Organization
Enterprise, Organization
Included permissions
View Updates
View Advanced Settings
View Automations and History
View Software Repository
View Updates
View Installed Software
View Endpoints
Use Scripts
View Software Repository
View Updates
View Installed Software
View Endpoints
Use Scripts
View Data Sources
View Endpoints
View Endpoints
Manage Endpoint Attributes
Manage Endpoint Attributes
-
-
View Reports
View Data Sources
View Data Sources
View Users
View Endpoints
View Reports
Use Scripts
View Endpoints
View Reports
Use Scripts
Use Scripts
View Software Repository
Manage Advanced Settings
Manage Advanced Settings
View Users
View Vulnerabilities
View Endpoints
View Advanced Settings
View Advanced Settings
-
-
-
View Reports
View Installed Software
View Updates
View Endpoints
View Vulnerabilities
View Advanced Settings
View Installed Software
View Updates
View Endpoints
View Vulnerabilities
View Advanced Settings
Per managed endpoint: View Automations
View Installed Software
View Vulnerabilities
View Reports (on system updates)
View Installed Software
View Vulnerabilities
View Reports (on system updates)
-
-
View Advanced Settings
-
Notes
If Advanced Setting Template was chosen as permission scope, then creation, cloning, modification, and deletion will be allowed only for the advanced setting you selected when configuring that permission scope.
If Organization was chosen as permission scope, then creation, cloning, modification, and deletion will be allowed if the advanced setting's own scope contains only the scopes related to the selected organization.
If Organization was chosen as permission scope, then creation, cloning, modification, and deletion will be allowed if the advanced setting's own scope contains only the scopes related to the selected organization.
- To specify ALL as the automation's target endpoints, the Organization scope will be required.
-Creating an automation for a group of endpoints is only allowed if all endpoints in the group are visible. Visibility may be limited if the group contains endpoints that belong to another group excluded by the View Endpoints permission. Similarly, specifying individual endpoints by ID is restricted if those endpoints are part of a group that has been excluded through the View Endpoints permission.
Deploy Updates automation:
- To disable automatic Windows updates during the automation execution, the "Deactivate Updates in Windows Settings" script is used. So, the underlying Use Scripts permission will be granted automatically, with the Script permission scope and 'Include scope' set to that script only.
- To use the 'Auto-approve updates' option, the Approve Updates permission will be required.
Run Script automation:
To use the ad-hoc scripts or scripts from the Script Library, the Use Scripts permission will be required:
- Using scripts from the Script Library will require the Script scope.
- Using ad-hoc scripts will require the Ad-Hoc Script scope.
-Creating an automation for a group of endpoints is only allowed if all endpoints in the group are visible. Visibility may be limited if the group contains endpoints that belong to another group excluded by the View Endpoints permission. Similarly, specifying individual endpoints by ID is restricted if those endpoints are part of a group that has been excluded through the View Endpoints permission.
Deploy Updates automation:
- To disable automatic Windows updates during the automation execution, the "Deactivate Updates in Windows Settings" script is used. So, the underlying Use Scripts permission will be granted automatically, with the Script permission scope and 'Include scope' set to that script only.
- To use the 'Auto-approve updates' option, the Approve Updates permission will be required.
Run Script automation:
To use the ad-hoc scripts or scripts from the Script Library, the Use Scripts permission will be required:
- Using scripts from the Script Library will require the Script scope.
- Using ad-hoc scripts will require the Ad-Hoc Script scope.
This permission will be denied if the target endpoint is a member of a group specified as 'Exclude' Group scope.
For moving endpoints between organizations, this permission with 'Include scope' set to Organization for both the source and target organizations is required.
To create and delete organizations, this permission with Enterprise scope is required.
All operations (creating, cloning, modifying, deleting, and assigning roles to users) will be allowed only if the corresponding underlying permissions (View Endpoints, View Reports, Use Scripts) and their 'Include' and 'Exclude' scopes are targeting the certain Organization.
The only exception is the Use Script permission, which may have Enterprise scope.
The list of displayed roles will be filtered to exclude those that are not accessible.
The only exception is the Use Script permission, which may have Enterprise scope.
The list of displayed roles will be filtered to exclude those that are not accessible.
For using scripts in Additional actions of repository packages, the Use Scripts permission will be required.
- Using scripts from the Script Library will require the Script scope.
- Using ad-hoc scripts will require the Ad-Hoc Script scope.
- Using scripts from the Script Library will require the Script scope.
- Using ad-hoc scripts will require the Ad-Hoc Script scope.
This permission will be denied if the target endpoint is a member of a group specified as 'Exclude' Group scope.
When selecting a script from the list while configuring a Run Script automation or an Additional action of software repository package, consider that:
- If 'Exclude' scope was configured for a Script permission scope, the excluded scripts will be filtered out from the list.
- If 'Include' scope was configured for a Script (but not for Enterprise) permission scope, only the scripts with 'Include' scope will be displayed in the list.
- If 'Exclude' scope was configured for a Script permission scope, the excluded scripts will be filtered out from the list.
- If 'Include' scope was configured for a Script (but not for Enterprise) permission scope, only the scripts with 'Include' scope will be displayed in the list.
Users can only view the Groups to which they have access. For viewing the endpoints within the organization Groups, consider the following:
- If the included Organization is absent, all endpoints from the included Groups will be displayed.
- If the excluded Groups are present, all endpoints belonging to them will be filtered out.
For viewing endpoints from a certain group: if an excluded Group is present, all endpoints belonging to it will be filtered out.
Reports and a list of installed software will display data for certain endpoint(s).
- If the included Organization is absent, all endpoints from the included Groups will be displayed.
- If the excluded Groups are present, all endpoints belonging to them will be filtered out.
For viewing endpoints from a certain group: if an excluded Group is present, all endpoints belonging to it will be filtered out.
Reports and a list of installed software will display data for certain endpoint(s).
In case you set Report as permission scope (that is, configure access to a specific report), then you can select not only the report but also the target organization.
- If selected, this will allow or restrict access to a specific report within a specific organization.
- If omitted, access will be granted to the specific report across all organizations.
- If selected, this will allow or restrict access to a specific report within a specific organization.
- If omitted, access will be granted to the specific report across all organizations.
Example
You want to allow the helpdesk team to view all built-in reports except for “Group Membership” and “Logon Statistics” reports for the target organization “My Organization”. For that, you can take these steps:
- Create a role named Helpdesk.
- When setting up its permissions, select View Reports permission.
- Next, when configuring the scopes, click Exclude scope and select Report.
- From the list of organizations, select My Organization, and from the list of reports, select “Group Membership”.
- Click Add, then repeat steps 3 and 4 for the “Logon Statistics” report.