Roles and Permissions in the eADM Application
To use the eADM application, every user must be assigned a role. This role determines what you can see and do within the system by placing you in a permission hierarchy.
eADM's permission model is built on six distinct roles. In this hierarchy, each role inherits all the permissions of the roles below it.
The six roles are:
Employee
Superuser
Manager
Service Desk User
Administrator
Partner Administrator
A Closer Look: Service Desk vs. Administrator Roles
While there are six roles, many users interact most with the Service Desk and Administrator roles. Understanding the difference is key to knowing who can help you and what changes they can make.
The Service Desk User Role
Think of the Service Desk User as a role designed for user support and daily administration. This role can view all user information and perform key administrative tasks, such as managing passwords and permissions, but does not have access to core system configuration.
Key Permissions and Capabilities:
View All User Information: A Service Desk User can search for and view the details of any user account within their organization. This is useful for troubleshooting and answering questions.
Change Passwords for Users: They can reset passwords for other users in the organization.
Administer User Permissions: They have the ability to manage the access permissions for users.
View Organizational Structure: They can see details about departments, groups, and the organization's overall profile.
No Core Configuration Changes: A Service Desk User cannot modify the core settings of eADM, such as synchronization rules or system integrations.
This role is ideal for helpdesk staff and junior administrators who handle day-to-day user management tasks but are not responsible for the overall administration of the eADM platform.
The Administrator User Role
The Administrator User has nearly full access to all features and settings within a single organization in eADM. This role is for trusted individuals who manage the configuration and security of the identity system.
Key Permissions and Capabilities:
Full User and Group Management: An Administrator can perform all the actions of a Service Desk User.
System Configuration: Administrators can configure all core aspects of the eADM platform for their organization. This includes managing the organization profile, synchronization rules, message templates, and access control settings.
Assigning Roles: An Administrator can add or remove permissions for other users up to and including their own permission level. For example, they can assign the Manager or Service Desk role but cannot assign the Partner Administrator role.
This powerful role is typically reserved for senior IT staff responsible for managing the organization's identity and access platform.
Comprehensive Permissions Table
The table below outlines the specific operations each of the six roles is permitted to perform.
Operation | Employee | Superuser | Manager | Service Desk User | Administrator | Partner Administrator |
Change own password | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Change password for users | | ✅ | ✅ | ✅ | ✅ | ✅ |
Search and view user details | | ✅ | ✅ | ✅ | ✅ | ✅ |
Administer user permissions | | ✅ | ✅ | ✅ | ✅ | ✅ |
Search and view departments | | ✅ | ✅ | ✅ | ✅ | ✅ |
Search and view groups | | | ✅ | ✅ | ✅ | ✅ |
Search and view organization details | | | ✅ | ✅ | ✅ | ✅ |
Administer organization details | | | | | ✅ | ✅ |
Administer multiple organizations | | | | | | ✅ |
Important Rules and Conditions
The permissions listed above are governed by the following conditions:
User Access Scope
Limited Scope: Superusers and Managers can only perform actions (like changing passwords) on users who belong to the specific groups and departments they have been given access to.
Full Scope: Service Desk Users and Administrators can view and manage all users within their entire organization.
Assigning Permissions
A user can add or remove permissions for other users, but only up to their own permission level.
Example: A Manager can assign the Employee and Superuser roles but cannot assign the Administrator role.
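The scope and assignment rules above, combined with the role order, written out as an added Python example (not eADM's own code). The `User` fields, the operation names and the minimum role per operation are assumptions based on this page's role list and permissions table; treating the Partner Administrator as not bound to a single organization is also an assumption.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Role(IntEnum):  # order from the page's role list, lowest to highest
    EMPLOYEE = 1
    SUPERUSER = 2
    MANAGER = 3
    SERVICE_DESK = 4
    ADMINISTRATOR = 5
    PARTNER_ADMINISTRATOR = 6

# Lowest role allowed per user-targeted operation (assumed reading of the table).
MIN_ROLE = {
    "view_user_details": Role.SUPERUSER,
    "change_user_password": Role.SUPERUSER,
    "administer_user_permissions": Role.SUPERUSER,
}
LIMITED_SCOPE = {Role.SUPERUSER, Role.MANAGER}

@dataclass
class User:  # hypothetical record, not an eADM data structure
    name: str
    role: Role
    org: str
    units: set = field(default_factory=set)    # groups/departments the user belongs to
    managed: set = field(default_factory=set)  # units a limited-scope role may act on

def in_scope(actor: User, target: User) -> bool:
    if actor.role == Role.PARTNER_ADMINISTRATOR:
        return True  # assumption: may act across organizations
    if actor.org != target.org:
        return False
    if actor.role in LIMITED_SCOPE:
        # Superusers and Managers: only users in units they were given access to.
        return bool(actor.managed & target.units)
    return actor.role >= Role.SERVICE_DESK  # full scope inside the organization

def can_perform(actor: User, operation: str, target: User) -> bool:
    # Deny by default: an operation missing from MIN_ROLE is rejected.
    required = MIN_ROLE.get(operation)
    return required is not None and actor.role >= required and in_scope(actor, target)

def can_assign_role(actor: User, target: User, new_role: Role) -> bool:
    # Roles can be granted only up to and including the actor's own level.
    return (can_perform(actor, "administer_user_permissions", target)
            and new_role <= actor.role)
```

Both checks have to pass for an assignment: a Manager who may grant Superuser in general still cannot grant it to a user outside the groups and departments they were given.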
Definition of "Organization Details"
Warning: The permission to "Administer organization details" is a high-level privilege. It refers to managing the following critical system components:
Organization profile
Synchronization and rule sets
Message and export templates
Access control
Manual objects