Role-based Access Control (RBAC) Custom Roles

You can create custom roles to control access to all areas of Nerdio Manager. Custom roles define the scope and level of access and can be assigned to users and security groups. Users can access modules in read-only or full-access mode.

To create a custom role:

1. Navigate to RBAC Roles > Definitions .

2. Select Add.

3. Enter the following information:

   • Name: Type the custom role's name.

   • Description: Type a description of the custom role.

   • Modules: Select all the applicable modules and modes.

      

     Module	Modes
     Dashboard	Read Only
     Workspaces	Read Only Full Access Manage hosts: Allow users to manage hosts within assigned host pools. Manage assignments: Allow users to manage assignments within assigned host pools. Manage sessions: Allow users to manage sessions within assigned host pools. Manage power state: Allow users to manage the power state of the sessions within assigned host pools. Manage drain mode: Allow users to manage the drain mode of the sessions within assigned host pools. Run scripted actions: Allow users to run scripted actions within assigned host pools.
     Desktop Images	Read Only Full Access
     Intune	Global Roles: Read Only Full Access Read Only Roles: Read Devices Read Policies Read Applications and App Policies Read Update Rings and Policies Read Scripts Read BitLocker Read Antivirus Read User Experience Read User Groups Read Device Location Manage Roles: Manage Devices Manage Devices Privileged Manage BitLocker Manage Antivirus Manage Device Groups Manage User Groups Manage Locate Device Manage Policies Manage Applications and App Policies Manage Update Rings and Policies
     Intune > Windows 365	Read Only Full Access
     App Attach	Read Only Full Access
     UAM > Deployment Policies	Read Only Full Access
     UAM > App Groups	Read Only Full Access
     UAM > Catalog	Read Catalog Manage Catalog: Allow users to manage UAM catalogs and performs tasks such as importing and deploying apps. Manage Shell App Parameters: Allow users to manage Shell App parameters.
     Scripted Actions	Read Only Full Access
     Monitoring	Read Only
     Storage > Azure Files	Read Only Full Access Manage Profiles: Allow users to manage FSLogix profiles without the need for an active user session and without the need to provide full control to the file share.
     Advisor > Modeler	Read Only Full Access
     Advisor > Recommendations	Read Only Full Access
     Advisor > Rules	Read Only Full Access
     Storage > Azure NetApp Files	Read Only Full Access
     Storage > Log Analytics	Read Only Full Access
     Desktops	Full Access

4. Once you have entered all the desired information, select OK.

   Note: From the list of definitions, you can edit or delete a custom role.

For more information, see Role-based Access Control (RBAC) in Nerdio Manager.