Why a Digi Remote Manager (Digi RM) Read-Only user can see all actions as allowed? What is the difference with Custom Users? This Article provide clarification and examples on this aspect of Digi RM User roles.
To add a new User on a Digi RM account, log in with an Administratore user and go to System > Users section:
Click Add, and insert all info for the user creation:
As shown in the picture above, a User must be assigend with a Role, and while a "User" have full read/write access to the account and an "Administrator" also the rights to add/edit/remove users, the Read Only user instead can only view the account information.
What happens anyway is that at a first look, when logging in with a Read Only user, it seems that he can see also all"actions" as available, such as:
Even if all actions seem available, the Read Only User will not actually be allowed to do any action that will change something in the account/devices.
Below some examples on Actions that seems allowed but that are then denied, with different type of error, all indicated that user has not enough privileges:
Remove a device:
Reboot a device:
Add a device to a group:
Edit a configuration setting:
Also, a Read Only user (and a normal user as well) will not be able to see the account/users section under System:
In order to enable some exceptions and grant more granularity of the Users privileges, Custom User Roles can be configured by going into Systems > Users > Actions > Edit Custom Role Users :
Here you can enable/disable some specific privileges that can be added/removed to a Read Only/user role:
That means the following:
- If the Reboot option is enabled, a Custom Read Only User will be as a Read Only user but with an additional permission to reboot the devices.
- If one or more of the Add/Remove device/Edit config options are disabled, a Customer User will be as a User but with one or more of the above permissions removed.