To use the eADM application, every user must be assigned a role. This role determines what you can see and do within the system by placing you in a permission hierarchy.
eADM's permission model is built on six distinct roles. In this hierarchy, each role inherits all the permissions of the roles below it.
The six roles are:
-
Employee
-
Superuser
-
Manager
-
Service Desk User
-
Administrator
-
Partner Administrator
A Closer Look: Service Desk vs. Administrator Roles
While there are six roles, many users interact most with the Service Desk and Administrator roles. Understanding the difference is key to knowing who can help you and what changes they can make.
The Service Desk User Role
Think of the Service Desk User as a role designed for user support and daily administration. This role can view all user information and perform key administrative tasks, such as managing passwords and permissions, but does not have access to core system configuration.
Key Permissions and Capabilities:
-
View All User Information: A Service Desk User can search for and view the details of any user account within their organization. This is useful for troubleshooting and answering questions.
-
Change Passwords for Users: They can reset passwords for other users in the organization.
-
Administer User Permissions: They have the ability to manage the access permissions for users.
-
View Organizational Structure: They can see details about departments, groups, and the organization's overall profile.
-
No Core Configuration Changes: A Service Desk User cannot modify the core settings of eADM, such as synchronization rules or system integrations.
This role is ideal for helpdesk staff and junior administrators who handle day-to-day user management tasks but are not responsible for the overall administration of the eADM platform.
The Administrator User Role
The Administrator User has nearly full access to all features and settings within a single organization in eADM. This role is for trusted individuals who manage the configuration and security of the identity system.
Key Permissions and Capabilities:
-
Full User and Group Management: An Administrator can perform all the actions of a Service Desk User.
-
System Configuration: Administrators can configure all core aspects of the eADM platform for their organization. This includes managing the organization profile, synchronization rules, message templates, and access control settings.
-
Assigning Roles: An Administrator can add or remove permissions for other users up to and including their own permission level. For example, they can assign the Manager or Service Desk role but cannot assign the Partner Administrator role.
This powerful role is typically reserved for senior IT staff responsible for managing the organization's identity and access platform.
Comprehensive Permissions Table
Please refer to the authoritive permissions table for info on what each of the roles can do and not do within the application:
|
|
Employee |
Superuser |
Manager |
Service Desk |
Administrator |
Partner Administrator |
|
Own profile |
|
|
|
|
|
|
|
My profile |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
Change own password |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
See privacy statement |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
See system information (About eAdm) |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
See organizational information |
|
|
✅ |
✅ |
✅ |
✅ |
|
General settings for own account |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
|
|
|
|
|
|
|
|
USER |
|
|
|
|
|
|
|
Search and view users |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See user details |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See user rights |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See positions |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See personal data |
|
|
✅ |
✅ |
✅ |
✅ |
|
See employment details |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See group memberships |
|
|
✅ |
✅ |
✅ |
✅ |
|
See tasks and messages for user |
|
|
✅ |
✅ |
✅ |
✅ |
|
See source data (raw data) for user |
|
|
✅ |
✅ |
✅ |
✅ |
|
See user history |
|
|
✅ |
✅ |
✅ |
✅ |
|
See password history |
|
|
✅ |
✅ |
✅ |
✅ |
|
Change password for other users |
|
|
✅ |
✅ |
✅ |
✅ |
|
Edit user rights |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
Create manual user |
|
|
|
✅ |
✅ |
✅ |
|
Edit manual user |
|
|
|
✅ |
✅ |
✅ |
|
Upload manual users |
|
|
|
|
✅ |
✅ |
|
|
|
|
|
|
|
|
|
GROUPS |
|
|
|
|
|
|
|
Search and view groups |
|
|
|
✅ |
✅ |
✅ |
|
See group details and members |
|
|
|
✅ |
✅ |
✅ |
|
See source data (raw data) for group |
|
|
|
✅ |
✅ |
✅ |
|
See group history |
|
|
|
✅ |
✅ |
✅ |
|
See where group is used |
|
|
|
✅ |
✅ |
✅ |
|
Add/remove group members |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
Create/edit manual group |
|
|
|
|
✅ |
✅ |
|
Upload manual groups |
|
|
|
|
✅ |
✅ |
|
|
|
|
|
|
|
|
|
DEPARTMENTS |
|
|
|
|
|
|
|
Search and view departments |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See department hierarchy |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
See department details |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See employees in a department |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See source data (raw data) for department |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
See department history |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
Create/edit manual department |
|
|
|
✅ |
✅ |
✅ |
|
Upload manual departments |
|
|
|
|
✅ |
✅ |
|
|
|
|
|
|
|
|
|
ACCESS CONTROL |
|
|
|
|
|
|
|
Search in access collections |
|
|
|
✅ |
✅ |
✅ |
|
See details for access collection |
|
|
|
✅ |
✅ |
✅ |
|
Create/edit access collection |
|
|
|
|
✅ |
✅ |
|
Wizard to assign rights |
|
✅ |
✅ |
✅ |
✅ |
✅ |
|
|
|
|
|
|
|
|
|
SYNCHRONIZATION |
|
|
|
|
|
|
|
See synchronization status/history |
|
|
|
✅ |
✅ |
✅ |
|
See synchronization templates |
|
|
|
✅ |
✅ |
✅ |
|
Create/edit synchronization template |
|
|
|
|
✅ |
✅ |
|
See/edit import filter |
|
|
|
|
✅ |
✅ |
|
See/edit synchronization notifications |
|
|
|
|
✅ |
✅ |
|
See/edit synchronization cycle |
|
|
|
|
✅ |
✅ |
|
Edit synchronization steps |
|
|
|
|
|
✅ |
|
Test import file |
|
|
|
|
|
✅ |
|
|
|
|
|
|
|
|
|
EHUB (FORMS AND DATA) |
|
|
|
|
|
|
|
See and fill out forms |
✅ |
✅ |
✅ |
✅ |
✅ |
✅ |
|
Search in submitted form data |
|
|
✅ |
✅ |
✅ |
✅ |
|
See details for form data |
|
|
✅ |
✅ |
✅ |
✅ |
|
See form templates |
|
|
|
✅ |
✅ |
✅ |
|
Create/edit form template |
|
|
|
|
✅ |
✅ |
|
|
|
|
|
|
|
|
|
SYSTEM ADMINISTRATION |
|
|
|
|
|
|
|
See logs (Audit, Security, Error) |
|
|
|
|
✅ |
✅ |
|
See and edit customer configuration |
|
|
|
|
|
✅ |
|
See reports |
|
|
|
|
|
✅ |
|
Test export |
|
|
|
|
|
|
|
Import roles |
|
|
|
|
|
|
|
Manage system fields |
|
|
|
|
|
|
Important Rules and Conditions
The permissions listed above are governed by the following conditions:
User Access Scope
-
Limited Scope: Superusers and Managers can only perform actions (like changing passwords) on users who belong to the specific groups and departments they have been given access to.
-
Full Scope: Service Desk Users and Administrators can view and manage all users within their entire organization.
Assigning Permissions
A user can add or remove permissions for other users, but only up to their own permission level.
Example: A Manager can assign the Employee and Superuser roles but cannot assign the Administrator role.
Definition of "Organization Details"
Warning: The permission to "Administer organization details" is a high-level privilege. It refers to managing the following critical system components:
-
Organization profile
-
Synchronization and rule sets
-
Message and export templates
-
Access control
-
Manual objects