See the Customer Portal: Roles and Permissions for a more detailed list of all roles and permissions.
Automox currently supports five role-based access controls (RBAC). The user roles and permissions are described here:
A global administrator can access all zones and has full administrative permissions. A global administrator can do the following:
- View and access the Global View landing page
- Add zones to accounts
- Invite users to accounts
- Add users to zones
- Assign zone administrators
- Assign any role to any user
- Control all aspects of the Automox console
Note: It is recommended to keep the number of Global Administrators to a minimum.
A zone administrator has full access and administrative permissions for the assigned zone(s) only. A zone administrator has the following permissions within their zone(s):
- Can add existing users of the account to a zone
- Assign the following roles: zone operator, patch operator, billing administrator, or read only
- Control all aspects of the Automox console within the zone(s)
Note: Only Global Administrators can invite users to an account.
A zone operator (formerly patch administrator) can create, read, modify, and delete all policies and server groups for a zone(s). They can add, remove, and reboot devices.
A patch operator can create, modify, and delete patch policies. They can view and run worklets and required software policies. They do not have permission to create or modify worklets and required. software policies. They can add, remove, and reboot devices.
A billing administrator can modify billing settings for a zone(s).
This user only has read access rights for the assigned zone(s).