question concerning Role Mgmt/Role permissions

Is there a way to enable (on a Technician Role) remote control to devices and also disable the ability for a technician from changing the file ratings for a file/application from malicious to trusted?

I can’t seem to be able to separate the RMM & file rating from each other. I’ve played with different switches and it seems that the 2 switches work together.
Any help will be greatly appreciated.