Access rights and permissions

Contents

Access rights and permissions

Overview

Nexthink users have the right to see and manage content depending on their profile and assigned roles. The definition of a profile includes the account type, administration and view domains, mandatory roles, and other settings that determine the permissions of the users for managing content and performing system administration tasks.

The following tables display the access rights of the different types of users to the features of the product, including all the additional requirements to their profile or roles -when needed.

System management

Feature Main central administrator Central administrator Administrator User
Manage accounts Ok Ok Profile No
Manage profiles Ok Ok No No
Manage roles Ok (Domain) Ok (Domain) Domain No
Manage hierarchies Ok Ok No No
Manage entities Ok Ok No No
Manage engines Ok Ok No No
Manage appliance Ok Ok No No
Manage license Ok Ok No No
Profile
Administrators can create accounts if the option Allow creation of user accounts is checked in the definition of their profile.
OK (Domain)
Central administrators (including the main central administrator) can manage roles in the highest domain. For roles created in lower administration domains, central administrators have the power to delete them, but not to edit them.
Domain
Administrators can create and edit roles that fall under their administration domain.

Portal content

Feature Main central administrator Central administrator Administrator User
Create modules and dashboards Ok Ok Ok Profile
View published modules Ok Ok Domain + Roles Roles
Manage published modules Ok (Domain) Ok (Domain) Domain No
Manage service alerts Ok Ok Ok No
Profile
Normal users can create modules if the option Allow creation of personal dashboards is checked in the definition of their profile.
Domain + Roles
Administrators can view those published modules that fall under their administration domain, in addition to those included in their roles.
Roles
Normal users can only view those published modules included in their roles.
Ok (Domain)
Central administrators (including the main central administrator) can manage published modules in the highest domain. For modules created in lower administration domains, central administrators have the power to delete them, but not to edit them.
Domain
Administrators can manage and publish only those modules that fall under their administration domain.

Finder and Engine content

Feature Main central administrator Central administrator Administrator User
Access to the Finder Ok Profile1 Profile1 Profile1
Manage categories, services, metrics, campaigns, global alerts, import and export content Ok Profile2 Profile2 Profile2
Manually tag objects Ok Profile3 Profile3 Profile3
Web API V1 Ok Profile4 Profile4 Profile4
Web API V2 (NXQL) Ok Profile5 Profile5 Profile5
Management of Collector Ok Profile6 Profile6 Profile6
Profile1
The main central administrator has the access to the Finder granted by default. Other users must have the option Finder access checked in the definition of their profile.
Profile2
Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to manage categories, services, metrics, scores, campaigns, global alerts, as well as import and export content and manually synchronize users and devices with AD, if they have the suboption Allow system configuration checked, in addition to the Finder access option, in the definition of their profile.
Profile3
Users other than the main central administrator can tag objects and edit applications if they have the suboption Allow editing of applications and object tags checked, in addition to the Finder access option, in the definition of their profile.
Profile4
Users with data privacy disabled (Data privacy settings in the profile set to none (full access)) are able to manage Web API V1 investigations, if they have the suboption Allow management of Engine web API V1 (deprecated) checked, in addition to the Finder access option, in the definition of their profile.
Profile5
Users other than the main central administrator can access the Web API V2 (make requests to the Engine written in the NXQL language) if they have their Data privacy set to none (full access) and the option Finder access enabled in the definition of their profile.
Profile6
Users other than the main central administrator are able to supervise the installation of the Collector with the Updater from the Finder if they have the suboption Allow management of Collectors checked in their profile.
Related tasks