Roles
Last updated
Last updated
A user role defines the access rights of a user to the features of the Nexthink web interface. The following roles exist:
Main role, which can grant access to view domain, and can access data privacy, landing page, feature and content permissions. Each user account must have a main role.
Additional role, which can grant access to data privacy, feature and content permissions. Additional roles are optional and each user account can have multiple additional roles.
Select the Administration module from the main menu.
Select Roles under the Account management section.
Hover over an existing role to reveal the edit icon on the right side of the row. Select the edit icon to change an existing role.
To configure a new role:
Select the New role button in the top-right corner of the role administration page
Select the Main role or Additional role as the role type.
Select Add role.
It is not possible to convert a Main role to an Additional role and vice versa.
Name: Enter the name of the role.
Description: Enter a role description.
Landing pages are available for main roles only.
Define a custom landing page for the role. The users with this role land on the page after logging into the Nexthink web interface. Ensure that the users of the role have the necessary permissions to view the page, otherwise, an error message appears.
Leave the textbox empty or enter /
for the system to redirect the user to the first module in the main menu. The module may differ based on the user license and permissions.
Enter a relative path to the page you want the users to land on after logging into the Nexthink web interface. For example, for the following URL:
https://eu.nameofinstance.cloud/strategic-eo/overview
The relative path is: /strategic-eo/overview
If the string is not a valid path, an error message appears to the user after the login.
Test if the landing page is working properly after assigning the role to a specific user.
Define the Data privacy settings for the role to prevent users from seeing sensitive data:
Destinations and domains: Set to Hidden to hide destinations and domains of connectivity events from the user.
Devices: Set to Hidden to hide device names from the user.
Users: Set to Hidden to hide user names from the user.
View domains are available for main roles only.
Define the scope of devices, related events, and inventory objects a role can view.
Full access: The role can access all Nexthink data.
Limited access: Select the list of entities that the role can see. Only devices, events, and inventory objects associated with those entities are visible to the user with this role.
The entities are defined in the Organization tab of the Product configuration page.
A user role with a limited view domain can list all users but cannot drill down to related devices and events if they are not part of its view domain.
Refer to the View domain documentation for more information.
The Permissions tab lets you configure the permissions granted to the users with the assigned role.
Grant permissions at the feature level, for example, View all Campaign dashboards or at the content level to view a specific Campaign dashboard, edit a specific investigation, or trigger a remote action.
When you share a content item with a role, you can review and manage the permissions on the Roles page:
Set permissions on selected (content items) enables users to change permissions for selected content items of the feature, for example, specific campaigns or remote actions.
Add (content items) enables users to add specific content items to the feature, for example, specific investigations or live dashboards.
Depending on your feature-level permissions, you can select or deselect permissions for each content item.
Specify permissions for each feature of the product:
You may see permissions for features that you have not subscribed to or technical previews you are not participating in. Refer to the licenses your company has purchased from Nexthink.
Administrator rights enable users; this requires full View domain access:
Create and manage content.
Create and manage other user accounts.
Create and manage roles and permissions.
Configure the product.
Create and manage connectors.
Manage the product license.
Access the Audit Trail API. Requires a local user.
Manage all custom fields enables users to create, edit and delete custom fields, as well as to set values for manual custom fields.
To delete custom fields, users also need the Manage all ratings permission.
Users that don't have Manage all custom fields permission enabled but have permission to View all checklists (see Diagnostics permissions) can still see custom field values in checklists.
Manage all custom trend data enables users to create daily snapshots of existing data and observe their evolution over time, for up to 13 months. Requires full View domain access and Run investigations permission.
Manage all NQL API queries enables users to:
Create new Nexthink Query Language (NQL) API queries
Update all existing NQL API queries
Read all NQL API queries
Delete all NQL API queries
Manage all ratings enable users to create, edit and delete ratings. Requires Manage all custom fields permission. Users that don't have this permission enabled but have the Run investigations permission can still see rating values when writing NQL investigations.
Manage collectors enables users to configure the Collector update groups. Requires full View domain access.
Retrieve and anonymize data (GDPR) enables users to:
Retrieve all the personal data linked to a user or a device.
Anonymize all the data linked to a user or a device.
Configure data retention. Refer to the Data management (GDPR) documentation for more information.
View audit logs in NQL enables users to view all Infinity audit events using NQL.
View all platform logs in NQL enables using NQL to view all platform logs, such as custom trends computation, data export, and so on. Requires full View domain access.
Manage all alerts enables users; this requires full View domain access:
Create new alerts.
Edit all existing alerts.
Delete all alerts.
Share all alerts.
View all alert dashboards enables users to monitor all alerts in the overview dashboard. Users that don’t have this permission enabled but have the Run investigations permission still have access to the Alerts data using NQL or Device View.
View Diagnostics dashboards enables users to see the Diagnostics panel to identify possible causes of issues.
Manage Amplify enables users to configure the Amplify Information Technology Service Management (ITSM) integration browser extension. It requires the Data Privacy to be set to None or Anonymous users.
View Amplify enables users to access the Amplify ITSM browser extension. It requires the Data Privacy to be set to None or Anonymous users.
View installed packages in Amplify enables users to see the Packages tabs in the Amplify extension to display with all installed applications and updates for the target device.
Manage all applications enables users; this requires full View domain access:
Create new applications.
Edit all existing applications.
Delete all applications.
Share all applications.
Publish
View all application dashboards enables users to monitor all applications on the Overview page and on all Applications dashboards. Users who don’t have that permission enabled but have the Run investigations permission still have access to the Applications data when using NQL or Device View.
Manage all campaigns enables users; this requires full View domain access:
Create new campaigns.
Edit all existing campaigns.
Delete all campaigns.
Share all campaigns.
Publish all campaigns.
Configure campaign branding.
Trigger manually all campaigns enables users to trigger all manual campaigns from the Investigation module.
View all campaign dashboards enables users to see the results of all campaigns. Requires full View domain access.
Requires the Collaboration Experience license.
View all collaboration tools dashboards enables users to see the Collaboration Tools module and associated dashboards.
Manage all checklists enables users to:
Create new checklists.
Edit all existing checklists.
Delete all checklists.
Share all checklists.
View all checklists enables users to view all checklists in the Device View. You can also map specific checklists to the role using the checklist content-sharing feature.
View device view enables users to access the device timeline and checklists for detailed troubleshooting and analysis of the device.
The role requires full View domain access for Digital Experience permissions.
Manage Digital Experience Score enables users to configure the list of applications and the score metrics monitored in the Digital Experience module.
View Digital Experience dashboard enables users to monitor the digital employee experience (DEX). Requires Experience Central license.
Create private investigations; use global search enables users to create, edit, and execute investigations using NQL. It provides access to global search.
Manage shared investigations enables users to:
Edit all shared investigations.
Delete all shared investigations.
Share all shared investigations.
Share private investigations enables users to share the investigations they have created with other users of Nexthink.
View Nexthink Assist (technical preview) allows users to interact with the AI-based system for writing NQL queries and other Nexthink platform help-related topics.
View shared investigations enables users to view all shared investigations.
Import custom packs enables users to import third-party custom packs to their Nexthink environment.
Manage all custom packs enables users to create custom packs of content (Live dashboards, remote actions and so on) and publish them to other Nexthink environments.
Manage all dashboards enables users; this requires Run investigations permission:
Create new dashboards.
Edit all existing dashboards.
Delete all dashboards.
Share all dashboards.
View all dashboards enables users to view all dashboards created in the system.
View all Nexthink Library content enables users to access the in-product Nexthink Library where they can view all the pre-configured content offered by Nexthink. Users with this permission also need the Manage all ... permissions of the specific features for which they want to install the library content. For example, Manage all remote actions to install the content for remote actions.
Execute all remote actions enables users to execute all remote actions.
Manage all remote actions enables users; this requires full View domain access:
Create new remote actions.
Edit all existing remote actions.
Delete all remote actions.
Share remote actions from the Remote Actions Administration page. Refer to the Manage remote actions documentation for more information.
View all remote action dashboards enables users to see all executions of remote actions in the overview dashboard. Users who do not have this permission but have the Run investigations permission still have access to all remote action results using NQL.
Manage all software metering enables users to:
Create new software metering.
Edit all existing software metering.
Delete all software metering.
View Software metering dashboards enables users to see the Software metering overview page, as well as individual software metering pages.
Requires the Nexthink Flow license.
Execute all workflows enables users to run all workflows. Requires full View domain access.
Manage all workflows enables users; this requires full View domain access:
Create new workflows.
Edit all existing workflows.
Delete all workflows.
Share all workflows.
View all workflows dashboards enables users to see all workflow executions on the Workflows administration page. Users that do not have this permission enabled but have the Run investigations permission still have access to all workflow execution results using NQL.
RELATED TASKS