1. Good morning. We need a way to prevent our Field Service Tech team from making any major changes within the UMS console. How do we restrict access so that the only thing they are able to do is _1. Move devices between folders and 2. allow Shadowing of devices…_ what is the best method to accomplish this? We were thinking of restricting in a way that only allowed them access to the web-based console, but it does not appear that the web console has the ability to shadow.
Create a group for these users, add them to the group.
Set the permissions to only allow what you want them to do.
kb.igel.com/endpointmgmt-6.10/en/administrators-and-groups-57321927.html
kb.igel.com/endpointmgmt-6.10/en/access-rights-57321932.html
kb.igel.com/endpointmgmt-6.10/en/object-related-access-rights-57321966.html
@member is there a way to prevent them from moving all clients to another folder…. just as an example.
Set permissions on the folders…
I would just give the Field Service Team access to the Web App and not the Java Console.
Another layer of security of the Web App is there is a specific permission for “bulk actions”. You can deny this permission so that users can perform actions on single devices but not all devices.
@member this is exactly what we were looking for! thank you!
@member I added your item to FAQ…
Q: How to limit bulk actions for UMS help desk users?
A: UMS WebApp has a layer of security to `only` allow actions on a single device – `Permission > General – WebApp > Device Bulk Action`.
igel-community.github.io/IGEL-Docs-v02/Docs/HOWTO-COSMOS/#faq-ums
@member i appreciate that.
@member another question that i have is how do we restrict access to the UMS Console, and ONLY allow access to the WebApp? is this possible?
Restrict UMS access to UMS WebApp and not allow UMS Java Console.
• uninstall / hide UMS Java Console on help desk users PC / VMs
• tell help desk to use UMS WebApp
• review logs on UMS Java Console and remind users to only use UMS WebApp
kb.igel.com/endpointmgmt-12.01/en/logging-77865192.html
kb.igel.com/endpointmgmt-12.01/en/important-information-for-the-igel-ums-web-app-81500856.html
@member we need to limit the UMS Admin / software sode console and ONLY provide access to the UMS WebApp via the designated browser. Is there not a actual way to achieve this?
@member we need to limit the UMS Admin / software sode console and ONLY provide access to the UMS WebApp via the designated browser. Is there not a actual way to achieve this?
@member Chiming in here because it sounds like you are going through the same permissions dilemma I went through a couple years ago when first standing up IGEL. I don’t believe there is a way to accomplish what you are looking for, or at least I could not find a way. The permissions between the full UMS console and UMS WebApp are linked to one another. This makes sense once you see how UMS 12 works.
My field services team can’t access the full UMS console basically the way Ron described. They don’t have access to the UMS server to get to that console and they don’t really know it exists let alone how to install it. Technically if someone did their own research they could install it and get in with the permissions set I gave them but the good news is the access controls in UMS are extremely granular and reliable. Even if they got in they could not access much of anything because I’ve explicitly denied 95% of the permissions.
thank you everyone for the quick responses and support. this is the type of thing that makes the igel community so amazing.
Continue reading and comment on the thread ‘How to restrict the access to functions in UMS’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!