After you assign a role to a user, the user can access only the HP Web Jetadmin features that are enabled for that role. You can create multiple roles to allow different levels of access to HP Web Jetadmin features for different users. You can assign multiple roles to one user.

The permission sets for roles are cumulative. If you assign one role to a user, you can grant additional permissions to that user by assigning another role that has a different permission set. Users never lose permissions when multiple roles are assigned to them. For example, assume that Role A enables permission to update the device firmware and Role B disables permission to update the device firmware. If you assign Role A to a user, the user can update the device firmware. If you then assign Role B to the user, the user retains permission to update the device firmware.

You can use the Diagnostics feature to view the roles that are assigned to a user and the features that are enabled or disabled for each of those roles. For more information about the Diagnostics feature, see User Security Diagnostics on page 280.

Restrict Roles to Device Groups

When you create a role, you can restrict the role to device groups and limit the permission set to specific device management features, such as configuring devices, running discoveries, and updating the device firmware. To limit the permission set to device groups from the Create Role wizard, you must select the Device Groups option from the Restriction type list on the Specify permission settings page. Then you can enable or disable each device management feature. For instructions on creating roles, see Create a Role on page 274.

After you create a role that is limited to the device management features, you can assign the role to a user. During the process of assigning the role to a user, you must specify the device groups to which the role is restricted. The user can access the device management features that are enabled for the role only on the devices that are members of the specified device groups. The user cannot access the device management features on devices that are not members of the specified device groups. For instructions on assigning roles, see Assign Roles to Users on page 277.

Create a Role

If you have permission to manage users, you can create roles by using the Create Role wizard. To create a role, perform the following steps:

1.In the Application Management navigation pane, right-click Roles, and then select Create. The Create Role wizard starts.

NOTE: You can assign more than one role to a user. The permission sets for roles are cumulative. If you assign one role to a user, you can grant additional permissions to that user by assigning another role that has a different permission set. Users never lose permissions when multiple roles are assigned to them. For example, assume that Role A enables permission to update the device firmware and Role B disables permission to update the device firmware. If you assign Role A to a user, the user can update the device firmware. If you then assign Role B to the user, the user retains permission to update the device firmware.

2.On the Specify permission settings page, select one of the following options from the Restriction type list:

None: The permission set for this role applies to all areas of HP Web Jetadmin.

Device Groups: The permission set for this role is limited to the device management features.

NOTE: If the Device Groups option is selected, you must also specify the device groups to which the role is restricted when you assign the role to a user. For instructions on assigning roles, see Assign Roles to Users on page 277.

274 Chapter 5 Application Management

ENWW

Page 302
Image 302
HP Web Jetadmin Software manual Restrict Roles to Device Groups, Create a Role