You can grant Active Directory users and groups access to JetPatch Manager, using their Windows credentials. Additionally, you can configure user accounts with locally-defined credentials.
Users and groups of both types can be configured with either of the following permission types:
- JetPatch Administrator: Has full permissions for all console tabs, actions, endpoints, and managed agents.
- Regular user: By default, has very minimal permissions: cannot perform most actions; no endpoints appear; in the Policy and Tools, can view all management tools and management services, but cannot configure, provision or operate them; some tabs do not appear in the JetPatch Manager Console.
Additional permissions can be granted by associating the users or groups with configurable user roles. Some of the permissions defined by user role relate to endpoints and/or management tools and services, in which case the permissions are subject to the following additional permission parameters (configured directly for the user or group), as relevant:
- Endpoint scope: Defined by specified smart groups. Relevant to viewing endpoints, provisioning management services to them and operating their management services, subject to role permissions and management tool permissions.
- Management tools: Relevant to configuring management services, provisioning them to endpoints and operating them on endpoints, subject to role permissions and endpoint scope.
A user or group may be assigned multiple user roles, in which case the permissions are aggregated.
To be able to grant JetPatch Manager access to Active Directory users and groups, you need to first specify one or more Active Directory domains.
Permissions based on group membership are granted to and aggregated for each individual user.