Users

In the role-based access control (RBAC) system, the role assigned to a user dictates the features the user can access.

Main menu items and icons that appear on the left depend on the permission assigned to a user. For example, if you only assign access to policies for a standard user, when logging in the user sees only the Home and Policies menu items.

About user types and resources

User types

There are two user types:

• Administrator: An administrator can access all areas of EPM. An administrator user does not require any additional setup for types and resources, as this account can access and manage all areas of the system.
• Standard User: A standard user has delegated access based on the resources assigned to the user.

Resources

Computer groups

The following computer group permissions can be assigned to a standard user, for either all groups or individually selected groups.

Policies

The following policies permissions can be assigned to a standard user, for either all policies or individually selected policies.

Configuration settings

As an administrator, delegate access to configuration settings so that the user only sees the resources they need access to. A standard user can be assigned edit and view permissions on each of the configuration areas of EPM.

Assign a standard user the Edit Setting permission when they need to access and change settings for a particular configuration setting.

A standard user can see but not interact with settings when assigned the View Setting permission.

The user will not see the configuration setting if neither edit nor view is selected.

ℹ️

Note

The About configuration setting cannot be assigned edit permissions. All standard users can see About information but they cannot change the information on the About page.

The Users page

Use the Users list to view at-a-glance data about users in EPM for Windows and Mac.

1. Left menu: Easy access to all pages in Endpoint Privilege Management, including the Home, Policies, Computers, Computer Groups, Management Rules, Analytics, Just-in-Time Access Management, Configuration, Auditing, and User Management pages.
2. Header: Enter keywords to run a global search across computer groups, policies, computers, and users, view your notifications, change your site language, change your time zone, and log out of EPM for Windows and Mac.

3. Filters: Click the drop arrow to select a filter type. The selected filter displays to the left of the drop-down. Click Clear Filters to remove all filters and search results.

   👍

   Filter types

   • Email Address

   • User Type

   • Last Logged In

   • Status

   • Language

4. Create User: Click to create a new user.

5. List options: Click to refresh the list, to download the list to a .csv file, and to select which columns to display on the page.

6. Users list columns: Not all columns display in the image above.

   👍

   Column names

   • Email Address: The email account used to register the user.
   • User Type: Indicates if the user is an administrator or standard user.
   • Assign Policy to Groups: The number of computer groups the user can assign policy to.
   • Edit Groups: The number of computer groups the user can edit.
   • View Groups: The number of computer groups the user can view information for.
   • Analyze Groups: The number of computer groups the user can view data analytics on.
   • Edit Policies: The number of policies the user can edit.
   • View Policies: If a policy is locked, this displays the period (in days or months, if longer
     than 3 weeks) when the policy was last locked.
   • View Settings: The number configuration settings the user has permission to view.
   • Last Logged In: The time and date the user last logged on to the console.
   • Create Groups: Indicates if the user has permission to create computer groups.
   • Create Policies: Indicates if the user has permission to create policies.
   • Edit Settings: Indicates if the user has permission to edit configuration settings.
   • Status: The status of the user account: enabled or disabled.
   • Language: The language preference selected in account preferences.

7. List navigation options: Navigate in the Users list.

Create a user

Workflow for creating a user:

• Add user details

Select your preferred method for applying permissions to the account:

• Create a user and assign roles
• Create a user and select permissions to customize access

Add the user details

The user details include general information: email address, language, time zone, and date format.

To add user details:

1. On the sidebar menu, select User Management.
2. Click Create User.
3. In the User Details section, enter the email address.
4. Optionally, set language, time zone, and date format.
5. Select one of the following:
   • Assign roles to user
   • Customize permissions for a user

Assign roles to a user

After adding the initial account information,

1. Select Assign roles to user in the Permissions section.
2. Select one or more roles.

As you go through the roles, select the Show Role details to confirm the user requires those permissions.

4. Select Create User.

Customize permissions for a user

After adding the initial account information,

1. Select Customize permissions for a user in the Permissions section.
2. Select a user type:
   • Administrator: The user can access and manage all areas of the system. Click Create User to complete the process.
   • Standard User: The user can only access and manage resources that you identify in the next steps.
3. Under Computer Groups, select either All Computer Groups, or select individual groups and roles.
   • If you select All Computer Groups, select one or more permissions from the Computer Groups Permission list. The user will have the role(s) across all existing and future computer groups. The View Groups role is automatically selected with any of the other options.
   • To select individual groups and permissions, check the boxes for the permissions to apply to each group. Use a filter to narrow the scope of groups displayed.
4. Under Policies, select either All Policies, or select individual policies and permissions.
   • If you select All Policies, select one or more permissions from the Policies Permission list. The user will have the permissions across all existing and future policies. The View Policies permission is automatically selected with any of the other options.
   • To select individual policies and permissions, check the boxes for the permissions to associate with each policy.Use a filter to narrow the scope of policies displayed.
5. Under Settings, select the configuration items the user needs access to.
6. Click Create User.

Assign roles

After adding the user details, you are ready to assign roles.

Before continuing with role assignment, be sure to review available roles or create a custom role with preferred permissions for your user's responsibilities.

Select from preconfigured roles or create a role.

To assign roles:

1. On the sidebar menu, select User Management.
2. Navigate to a user, and then select Assign Roles from the menu.
3. On the Assign Role to Users panel, select the roles to assign to the user account.
4. Select Assign Roles.

Resend an email invite

An email invitation can be resent to a user that has not accepted their invite to the EPM portal.

On the Users page, select the user, and then select Resend Email Invite.

ℹ️

Note

There is no limit on how many times an invitation can be sent to a user.

Edit a user's profile

As an administrator user, you can edit user account properties including roles and resources for a user account.

1. On the sidebar menu, click Users.
2. Locate the user account you want to edit. Use the filter option to reduce the list size.
3. Select Edit User from the menu.
4. Click Next: Roles and Resources.
5. Make the role and resources changes, and then click Save Changes.

If you remove all access for a standard user account, the user can log in to EPM, but cannot access any resources. A message indicates to contact their administrator to request access to EPM.

View a user's details

You can view information about a user account such as: email address, create date, and status.

To get a quick at-a-glance view of recent activities for a user, click the Activity tab. You can see the event time, audit type, and summary information on the action that occurred.

The information displayed on the User Details page varies depending on the user role and responsibilities.

Change the properties for a user account such as email address, date format, and time zone. The changes will take effect the next time you log on to EPM. You can also change these properties from the user account menu.

Disable a user's account

Disable a user's account when they no longer require access to EPM or if they leave the company.

1. Go to the Users main page.
2. Select the user account, and then select Disable from the menu.

If you need to reinstate the user account, select Enable from the menu to reverse the action.

Delete user accounts

Delete users no longer requiring access to EPM-WM.

• Deleting a user account removes all personal identification information (PII).
• Removes the user name and email address from the EPM database.
• Requires admin access.
• The delete action displays in auditing for tracking purposes.
• Deleting a policy user displays as blank when viewing the policy details (revisions and drafts). Any policy drafts by that user are discarded when the account is deleted.

To delete user accounts:

1. On the sidebar menu, select User Management.
2. Select the Users tab.
3. Find the user account in the list and select Delete from the menu. If needed, you can select more than one user account at a time. Alternatively, delete a user account on the User Details page (User Management GREATERTHAN View User Details).
4. Confirm the action when prompted.