{"id":2560,"date":"2025-07-02T12:44:23","date_gmt":"2025-07-02T12:44:23","guid":{"rendered":"https:\/\/zecurit.com\/help\/docs\/asset-manager\/settings\/access-permissions\/user-role-management\/"},"modified":"2025-07-04T12:06:27","modified_gmt":"2025-07-04T12:06:27","slug":"user-role-management","status":"publish","type":"docs","link":"https:\/\/zecurit.com\/help\/asset-management\/settings\/access-permissions\/user-role-management\/","title":{"rendered":"User &#038; Role Management"},"content":{"rendered":"\n<p>The <strong>User &amp; Role Management<\/strong> section helps you onboard team members, assign the right level of access and control which parts of the platform each user can interact with. This is essential for ensuring security, accountability and role-based workflows within your organization.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>Zecurit supports a <strong>role-based access control (RBAC)<\/strong> model, allowing organizations to define who can do what and where. This ensures only authorized users can perform critical operations like configuring settings, enrolling devices or viewing sensitive reports.<\/p>\n\n\n\n<p>The section is divided into two main tabs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Users:<\/strong> Manage user invitations, access, and scope<\/li>\n\n\n\n<li><strong>Roles:<\/strong> Define what each role can do across the platform<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Users Tab<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Inviting a New User<\/h3>\n\n\n\n<p>To add a new user:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Settings \u2192 Organization \u2192 Users<\/strong><\/li>\n\n\n\n<li>Click on <strong>Add User<\/strong><\/li>\n\n\n\n<li>Fill out the invitation form:\n<ul class=\"wp-block-list\">\n<li><strong>User Name<\/strong> \u2013 Name of user.<\/li>\n\n\n\n<li><strong>Email Address<\/strong> \u2013 User&#8217;s work email<\/li>\n\n\n\n<li><strong>Photo<\/strong> (Optional) \u2013 User\u2019s Photo<\/li>\n\n\n\n<li>Under Scope:\n<ul class=\"wp-block-list\">\n<li><strong>Assign Role<\/strong> \u2013 Select a default or custom role<\/li>\n\n\n\n<li><strong>Assign Device Groups<\/strong> \u2013 Select which device groups this user can manage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Only Super Admins can invite users and assign roles\/groups.<\/p>\n<\/blockquote>\n\n\n\n<p>An invitation email will be sent to the user with steps to complete their account setup.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Managing Existing Users<\/h3>\n\n\n\n<p>After users accept the invite and join your organization, Super Admins can manage their details by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Editing <strong>username<\/strong> or <strong>profile photo<\/strong><\/li>\n\n\n\n<li>Reassigning <strong>roles<\/strong><\/li>\n\n\n\n<li>Changing <strong>device group scope<\/strong><\/li>\n\n\n\n<li>Deactivating\/reactivating accounts<\/li>\n\n\n\n<li>Resetting passwords<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>All changes are audited and logged in the Activity Log for compliance and security tracking.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Roles Tab<\/h2>\n\n\n\n<p>Zecurit offers <strong>three default roles<\/strong>, and Super Admins can also define <strong>custom roles<\/strong>:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Default Roles<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Role<\/th><th>Permissions Summary<\/th><\/tr><\/thead><tbody><tr><td><strong>Super Admin<\/strong><\/td><td>Full platform access, including user, role, security, and org-wide settings<\/td><\/tr><tr><td><strong>Admin<\/strong><\/td><td>Can enroll devices, manage inventory, run reports, but cannot modify roles or critical settings<\/td><\/tr><tr><td><strong>Technician<\/strong><\/td><td>Limited access, can view and manage assigned device groups only, no access to sensitive settings<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Default Role Permissions<\/h3>\n\n\n\n<p>Here\u2019s a breakdown of the default access permissions for each role:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Feature<\/strong><\/th><th><strong>Super Admin<\/strong><\/th><th><strong>Admin<\/strong><\/th><th><strong>Technician<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Enrollment<\/strong><\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Deployment<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>Connector<\/td><td>Full<\/td><td>Full<\/td><td>No Access<\/td><\/tr><tr><td>Domain<\/td><td>Full<\/td><td>Full<\/td><td>No Access<\/td><\/tr><tr><td>Enrollment Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td><strong>Inventory<\/strong><\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Scan Device<\/td><td>Full<\/td><td>Write<\/td><td>Write<\/td><\/tr><tr><td>Schedule Scan<\/td><td>Full<\/td><td>Full<\/td><td>Read<\/td><\/tr><tr><td>Software License<\/td><td>Full<\/td><td>Write<\/td><td>Read<\/td><\/tr><tr><td>Software Category<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>Geo Location<\/td><td>Full<\/td><td>Write<\/td><td>Read<\/td><\/tr><tr><td><strong>Audit<\/strong><\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Alerts<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>Activity Log<\/td><td>Full<\/td><td>Write<\/td><td>Write<\/td><\/tr><tr><td><strong>Reports &amp; Analytics<\/strong><\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Reports Schedule<\/td><td>Full<\/td><td>Write<\/td><td>Read<\/td><\/tr><tr><td>Security Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>Hardware Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>Software Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>License Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>Certificate Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td>User Logon Reports<\/td><td>Full<\/td><td>Full<\/td><td>Write<\/td><\/tr><tr><td><strong>Settings<\/strong><\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>User Management<\/td><td>Full<\/td><td>Write<\/td><td>No Access<\/td><\/tr><tr><td>Rebranding<\/td><td>Full<\/td><td>No Access<\/td><td>No Access<\/td><\/tr><tr><td>Roles<\/td><td>Full<\/td><td>Write<\/td><td>Read<\/td><\/tr><tr><td>Groups<\/td><td>Full<\/td><td>Write<\/td><td>Read<\/td><\/tr><tr><td>2FA Settings<\/td><td>Full<\/td><td>Write<\/td><td>No Access<\/td><\/tr><tr><td>IP Restriction<\/td><td>Full<\/td><td>Write<\/td><td>No Access<\/td><\/tr><tr><td>Session Settings<\/td><td>Full<\/td><td>Write<\/td><td>No Access<\/td><\/tr><tr><td>Agent Protection<\/td><td>Full<\/td><td>Write<\/td><td>No Access<\/td><\/tr><tr><td>Data Cleanup Settings<\/td><td>Full<\/td><td>Write<\/td><td>No Access<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Custom Role Creation<\/h3>\n\n\n\n<p>To create a custom role:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to <strong>Settings \u2192 Organization \u2192 Roles<\/strong><\/li>\n\n\n\n<li>Click <strong>Create Role<\/strong><\/li>\n\n\n\n<li>Provide a <strong>Role Name<\/strong> and optionally a <strong>description<\/strong><\/li>\n\n\n\n<li>Select feature-level rights\/permissions (on\/off) for:<\/li>\n<\/ol>\n\n\n\n<p>For details on module and functionality permissions in Roles, Please check this <a href=\"https:\/\/zecurit.com\/help\/docs\/asset-manager\/settings\/access-permissions\/custom-role-permissions\/\" data-type=\"link\" data-id=\"https:\/\/zecurit.com\/help\/docs\/asset-manager\/settings\/access-permissions\/custom-role-permissions\/\">Custom Role Permissions<\/a> documentation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Assigning Device Groups<\/h2>\n\n\n\n<p>When assigning a user role, you must also define their <strong>device group scope<\/strong>. This limits the user&#8217;s visibility and control to only those devices, improving security and simplifying their workflow. A user can be assigned <strong>one or more unique groups<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always use <strong>role-based access<\/strong> instead of sharing accounts<\/li>\n\n\n\n<li>Periodically <strong>review active users and their roles<\/strong><\/li>\n\n\n\n<li>Assign <strong>minimum necessary permissions<\/strong> based on job function<\/li>\n\n\n\n<li>Use <strong>device group scoping<\/strong> for better segmentation and accountability<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Related Topics<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/zecurit.com\/help\/docs\/asset-manager\/settings\/access-permissions\/custom-role-permissions\/\">Custom Role Permissions<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/zecurit.com\/help\/docs\/asset-manager\/settings\/organization-settings\/device-groups\/\">Device Groups<\/a><\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":0,"parent":2552,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","doc_tag":[],"class_list":["post-2560","docs","type-docs","status-publish","hentry"],"comment_count":0,"_links":{"self":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/types\/docs"}],"replies":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/comments?post=2560"}],"version-history":[{"count":7,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2560\/revisions"}],"predecessor-version":[{"id":2650,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2560\/revisions\/2650"}],"up":[{"embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/docs\/2552"}],"wp:attachment":[{"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/media?parent=2560"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/zecurit.com\/help\/wp-json\/wp\/v2\/doc_tag?post=2560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}