Configuring Roles and Permissions

Before you begin

Configuring roles and permissions requires:
  • SOTI MobiControl (15.4 or later) web console permissions to grant access to SOTI XSight.
  • SOTI XSight rights to grant granular permissions.

About this task

Configuring roles and permissions gives granular control for enhanced security by limiting access to specific capabilities, ensuring that users have access to the functions they require and nothing more.

Note: The SOTI MobiControl administrator of the default instance is also the default SOTI XSight administrator, and you cannot remove it. However, you can manually assign roles from other SOTI MobiControl instances or external sources as a SOTI XSight system administrator.

Procedure

  1. From the main menu, select Roles and Permissions. The Roles page opens.
  2. From the left panel, select Instances.
  3. Expand the instance containing the role to which you want to add permissions.
SOTI XSight General Permissions
  1. Select XSight General Permissions. The right panel displays related permissions.
  2. Turn on the following permissions as required to give a role feature access within SOTI XSight:

    • Incident Management Access

    • Operational Intelligence Access

    • Live View Access

    • Generate XSight Agent

    • Chat Access

    Note: Incident management groups, operational intelligence device profiles, and battery pools from a specific role or external source do not inherit the role's permissions by default. You must assign permissions manually.
  3. If visible, select Save to commit your changes.
Incident Management Group Permissions
  1. Select incident management group permissions as required according to the following options.
    You may configure incident management group permissions via quick-select permissions or granular permissions.
    Note: Only system administrators can create or delete Incident Management groups. You cannot grant Incident Management group permissions upon creation.

    Quick-select Permissions

    The following options give a prepared selection of permissions:
    • Select Admin Permissions—Group members full available rights for Incident Management groups.
      Note: This is the same as selecting Full Control among the granular permissions.
    • Select Technician Permissions—Group members have all available rights except Manage Group.
    • Select Reporter Permissions—Group members have all available rights under Incidents.

    Granular Permissions

    Select the following granular permissions for the role within each applicable permissions group.

    Full Control Group members have all available rights.
    Manage Group Group members can:
    • Access Manage Group settings on the main Settings page
    • Rename and disable incident management groups
    Manage Incidents

    View SLA

    		 View the SLA status of non-draft incidents from the Due column of the incident dashboard and inside the incident.

    View Incidents

    Users can view all incidents that are in the group

    Note: Users can view incidents they are a reporter for regardless of permissions.

    Edit Status

    Change the status of incidents in the group.

    Note: Users can change the status of incidents they created regardless of assigned permissions.

    View Private Note

    		 View notes marked as private regardless of who created them.
    Create/Edit Private Note Create and edit private notes in incidents.

    Edit Priority

    		 Change the priority of incidents in the group.

    Create Email

    Create and send emails.

    Note: Sending emails requires an email configuration.

    Delete Incident

    Delete non-draft incidents from the group.

    Note: Users can delete draft incidents they created regardless of assigned permissions.

    Delete Reporter

    		 Separate the user from the incident.
    Note: The incident must be in draft.

    Associate Tag

    		 Add or remove tags from an incident.
    Note: Requires the View Tag permission.

    Edit Incident

    Change the subject, description, watcher, and linked incidents for non-draft incidents.

    Note: Anyone can edit draft incidents regardless of permissions.

    Edit Reporter

    		 Change the reporter in draft incidents.

    Edit Assignee

    Change the assignee of an incident.

    Note: Assignees require Manage Incidents or Manage Group permissions.
    Add Device Add/remove managed or unmanaged devices from incidents that are in open or pending state.
    Note: Users can add and remove devices for incidents in draft state regardless of permission.
    Note: This permission applies to SOTI XSight versions 2024.0.2 and later. In versions of SOTI XSight earlier than 2024.0.2, all of the Manage Incidents set of permissions are required for a user to be able to have this permission.

    View Tag

    Users can view all group tags. When selected, tags display on the IM page and within the group's incidents.

    Note: Required for roles with the Associate Tag permission.

    View Priority

    		 View the priority of group incidents.

    Create/View/Edit resolution note

    		 Create, view, or edit incident resolution notes.
    Incidents Create Incident Create an incident.
    Create/Edit Public Note Add or edit publicly visible incident notes.
    Add Attachment Add attachments to incidents.
  2. If visible, select Save to commit your changes.
Device Profiles
  1. From the list of device profiles, select the applicable options for each:
    • Manage Profiles—Role members have full control to edit, deactivate, and delete profiles.
    • View Profiles—Role members can see report data and configure the profile's shared view settings.
    Note: Viewing device profile reports or sharing links to them requires Manage Profiles or View Profiles permissions. Editing profile reports or adding/modifying a scheduled report requires Manage Profiles permission unless the report belongs to the user.
    Note: When creating or updating an analysis profile, users can also specify the permissions to grant to roles. See Creating an Analysis Profile.
  2. If visible, select Save to commit your changes.
Battery Pools
  1. From the list of battery pools, select the applicable permission options for each:
    • Manage Pools—Role members have full control over the pool.
    • View Pools—Role members can see report data and configure the pool's shared view settings.
    Note: Only system administrators can create battery pools. When creating or updating a battery pool, authorized users can also specify the permissions to grant to roles. See Organizing Your Batteries.
  2. If visible, select Save to commit your changes.

Results

You have assigned and saved your required role permissions.