About the permission of a role for a user:
As far as my understanding goes- only having the 3rd as ON should allow the user with that role to delete a profile.
However, I tried different combinations of all 3 options and I can’t get to a situation where a user in this role can associate a profile with a device/group but cannot delete a profile.
What am I missing?
| manage.profiles |
Manage profiles and alerts (read only) |
ON OFF |
| manage.profiles.association |
Association profiles with devices. Parent permissions are "manage.profiles", "inventory.devices", "inventory.users", "inventory.devices.actions" |
ON OFF |
| manage.profiles.manage |
Manage profiles and alerts (full control). Parent permissions are "manage.profiles" and "inventory.devices" |
Hello @InfoSecAdmin,
Users, or more appropriately called end-users, are the customers of your Clients/Companies. These end-users are not allowed to delete profiles.
You can learn more about Role Based Access Control for Users here:
https://help.comodo.com/topic-399-1-786-10114-Configuring-Role-Based-Access-Control-for-Users.html
Staff, on the other hand, are the people directly working for you. These are the people, if given permission, that have access to end-users and devices. They can add/remove devices, modify users and create/delete profiles.
You can learn more about staff/administration management here:
https://help.comodo.com/topic-289-1-716-11209-Managing-Administrators.html
You can also learn more about their roles and capabilities here:
https://help.comodo.com/topic-289-1-716-11210-Managing-Roles.html
Thank you