Creating and assigning roles
The user role in Callisto dictates which pages and features a user can access. Callisto is provided with default roles which give access to all areas for each technology (for example “Configuration Manager User” has visibility of all ConfigMgr pages).
Additionally a role can be associated with an AD Group, so that a member of that group logging into Callisto is automatically assigned that role.
A role can also have a default Configuration Manager device collection ID associated to it, this will change the default view and default collection filter applied for a user (more details on how this works in this KB Article https://www.apajove.com/knowledge-base/default-collection-setting/
In this exercise we will create a role for our New York Support Team. We will assign an AD Security Group, a default collection and assign some specific rights.
- Log in as a Callisto Administrator and navigate to Administration – Roles.
- Click “Create new role” from the top right of the Roles screen
- Add a Role name of “Confiuration Manager NY Admins”
- Assign to Active Directory Security Group and type in the name of your Active Directory Security Group
- Find the collection ID you want to set as the default collection (you can look this up in the “Collections” tab of the device modal for a device)
6. Click the Permissions tab
7. For our NY ConfigMgr Support team role we are going to give access to just the Software Updates page in the Configuration Manager area:
8. Click Save in the bottom right of the page
9. Log in with a user who is a member of the Active Directory Group you have associated with the role and you will see the Software Updates area is the only one available to the user:
Note that a user can be a member of several roles, allowing the administrator to limit access to as many or as few Callisto areas as required.
When viewed in the Roles table the AD assignment and Default collection are easily visible: