This article defines each of the functional security roles available in SiteAudit and what functions are permitted by users assigned to a role.
Functional Security Roles and Permissions
There are five functional security roles in SiteAudit. These roles are listed below. Note that the roles at the top have all the permissions of the roles beneath it. For example, a Tenant Administrator can do everything that a Manager and a Reviewer can do, but the Database Administrator and Server Administrator can perform certain functions that the Tenant Administrator cannot. The Server Administrator is the most permissive and can perform all functions within SiteAudit. The Reviewer is the least permissive and has the most restrictions pertaining to what the user is able to do within SiteAudit.
- Server Administrator
- Database Administrator
- Tenant Administrator
- Manager
- Reviewer
Reviewer Role
The Reviewer role is the least permissive role. This role is ideal for analysts or users who want to view data and create or schedule reports. A reviewer is also able to perform most diagnostics with one exception: They cannot use the SQL Query tool to execute queries against the database. Reviewers are also not permitted to make any configuration changes, stop or start monitoring, upgrade database schemas etc.
The primary functions that can be performed by a Reviewer include:
- View data and create reports
- Schedule reports
- Perform device and other diagnostics
Manager Role
The Manager role is able to perform all the functions of the Reviewer and is able to perform various configuration tasks such as discovery, mail server, notifications, and thresholds. A manager is not permitted to start/stop monitoring.
The primary functions that can be performed by a Manager include:
- All functions permitted to a Reviewer
- Import configuration information
- Configure discovery, notifications, thresholds, mail server, SLA
- Retire/Unretire, Manage/Unmanage devices
- Configure printer costs
- Change Asset information
Tenant Administrator Role
The Tenant Administrator can perform most functions needed to configure and operate SiteAudit. The Tenant Administrator cannot create/delete users nor assign roles and it cannot modify the license. The Tenant Administrator is the minimal role required to start / stop the monitoring service
The primary functions that can be performed by a Tenant Administrator include:
- All functions performed by a Manager
- Start/Stop monitoring service
- Configure the Reporting Web Site
- Modify Application Settings
- Upgrade/modify the database schema
- Perform SQL Queries against the SiteAudit database
- Assign printers to departments
- Delete collected data
- Auto update Hosted Clients
- Designate monitoring restart for Hosted Clients
- Virtual Technician
- Create remote DCA installer
Database Administrator Role
Users assigned to the Database Administrator role have the ability to create/delete users and assign roles to users. They can grant and revoke access to the SiteAudit database and modify the License.
The primary functions that can be performed by a Database Administrator include:
- All functions performed by a Tenant Administrator
- Create / Delete users
- Backup database
- Create or delete tenants (Hosted databases only)
- Grant / revoke access
- Configure licenses
Server Administrator Role
The Server Administrator is the most permissive role. A Server Administrator is able to perform all functions within the SiteAudit domain. The Server Administrator is a server role and is usually independent of a database administrator. This role is expected to be performed by those who have sysadmin rights on the SQL server.
The primary functions that can be performed by a Server Administrator include:
- All functions performed by a Database Administrator
- Create / delete databases
- Create / delete / modify logins
