To use eADM, each user must be assigned a role. This role determines what you can view and do within the system by placing you in a permission hierarchy.
The eADM permission model is based on six distinct roles. In this hierarchy, each role inherits all the permissions of the roles below it.
The six roles are:
- Employee
- Superuser
- Manager
- Service Desk User
- Administrator
- Partner Administrator
A Closer Look: Service Desk vs. Administrator Roles
Although there are six roles, many users interact most frequently with the Service Desk and Administrator roles. Understanding the difference is key to knowing who can assist you and what changes they can make.
The Service Desk User Role
Think of the Service Desk User as a role designed for user support and day-to-day administration. This role can view all user information and perform key administrative tasks, such as managing passwords and permissions, but does not have access to core system configuration.
Key Permissions and Capabilities:
- View All User Information: A Service Desk user can search for and view the details of any user account within their organization. This is useful for troubleshooting and answering questions.
- Change Passwords for Users: They can reset passwords for other users in the organization.
- Manage User Permissions: They can manage access permissions for users.
- View Organizational Structure: They can view details about departments, groups, and the organization's overall profile.
- No Core Configuration Changes: A Service Desk user cannot modify the core settings of eADM, such as synchronization rules or system integrations.
This role is ideal for help desk staff and junior administrators who handle day-to-day user management tasks but are not responsible for the overall administration of eADM.
The Administrator User Role
The Administrator User has nearly full access to all features and settings within a single organization in eADM. This role is intended for trusted individuals who manage the configuration and security of the identity system.
Key Permissions and Capabilities:
- Full User and Group Management: An administrator can perform all the actions of a Service Desk user.
- System Configuration: Administrators can configure all core aspects of the eADM for their organization. This includes managing the organization profile, synchronization rules, message templates, and access control settings.
- Assigning Roles: An administrator can add or remove permissions for other users up to and including their own permission level. For example, they can assign the Manager or Service Desk role but cannot assign the Partner Administrator role.
This powerful role is typically reserved for senior IT staff responsible for managing the organization's identity and access platform.
Comprehensive Permissions Table
Please refer to the official permissions table for information on what each role can and cannot do within the application:
| Permission | Employee | Superuser | Manager | Service Desk | Administrator | Partner Administrator |
|---|---|---|---|---|---|---|
| My Profile | | | | | | |
| My profile | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Change your password | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| See our privacy statement | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| View system information (About eAdm) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| See organizational information | | | ✅ | ✅ | ✅ | ✅ |
| General settings for your account | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| USER | | | | | | |
| Search for and view users | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View user details | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View user rights | | ✅ | ✅ | ✅ | ✅ | ✅ |
| See positions | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View personal data | | | ✅ | ✅ | ✅ | ✅ |
| See job details | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View group memberships | | | ✅ | ✅ | ✅ | ✅ |
| View tasks and messages for the user | | | ✅ | ✅ | ✅ | ✅ |
| View source data (raw data) for the user | | | ✅ | ✅ | ✅ | ✅ |
| View user history | | | ✅ | ✅ | ✅ | ✅ |
| View password history | | | ✅ | ✅ | ✅ | ✅ |
| Change passwords for other users | | | ✅ | ✅ | ✅ | ✅ |
| Edit user permissions | | ✅ | ✅ | ✅ | ✅ | ✅ |
| Create a manual user | | | | ✅ | ✅ | ✅ |
| Edit manual user | | | | ✅ | ✅ | ✅ |
| Upload manual users | | | | | ✅ | ✅ |
| GROUPS | | | | | | |
| Search and view groups | | | | ✅ | ✅ | ✅ |
| View group details and members | | | | ✅ | ✅ | ✅ |
| View source data (raw data) for the group | | | | ✅ | ✅ | ✅ |
| View group history | | | | ✅ | ✅ | ✅ |
| See where "group" is used | | | | ✅ | ✅ | ✅ |
| Add or remove group members | | ✅ | ✅ | ✅ | ✅ | ✅ |
| Create/edit manual group | | | | | ✅ | ✅ |
| Upload manual groups | | | | | ✅ | ✅ |
| DEPARTMENTS | | | | | | |
| Search and view departments | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View department hierarchy | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| See department details | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View employees in a department | | ✅ | ✅ | ✅ | ✅ | ✅ |
| View source data (raw data) for the department | | ✅ | ✅ | ✅ | ✅ | ✅ |
| See department history | | ✅ | ✅ | ✅ | ✅ | ✅ |
| Create/edit manual department | | | | ✅ | ✅ | ✅ |
| Upload manual departments | | | | | ✅ | ✅ |
| ACCESS CONTROL | | | | | | |
| Search in Access Collections | | | | ✅ | ✅ | ✅ |
| See details for the access collection | | | | ✅ | ✅ | ✅ |
| Create/edit access collection | | | | | ✅ | ✅ |
| Wizard for assigning rights | | ✅ | ✅ | ✅ | ✅ | ✅ |
| SYNCHRONIZATION | | | | | | |
| View synchronization status/history | | | | ✅ | ✅ | ✅ |
| See synchronization templates | | | | ✅ | ✅ | ✅ |
| Create/edit synchronization template | | | | | ✅ | ✅ |
| View/edit import filter | | | | | ✅ | ✅ |
| View/edit synchronization notifications | | | | | ✅ | ✅ |
| View/edit synchronization cycle | | | | | ✅ | ✅ |
| Edit synchronization steps | | | | | | ✅ |
| Test import file | | | | | | ✅ |
| EHUB (Forms and Data) | | | | | | |
| View and fill out forms | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Search in submitted form data | | | ✅ | ✅ | ✅ | ✅ |
| See details for form data | | | ✅ | ✅ | ✅ | ✅ |
| See form templates | | | | ✅ | ✅ | ✅ |
| Create/edit form template | | | | | ✅ | ✅ |
| SYSTEM ADMINISTRATION | | | | | | |
| View logs (Audit, Security, Error) | | | | | ✅ | ✅ |
| View and edit customer configuration | | | | | | ✅ |
| See reports | | | | | | ✅ |
| Test export | | | | | | |
| Import roles | | | | | | |
| Manage system fields | | | | | | |
Important Rules and Conditions
The permissions listed above are subject to the following conditions:
User Access Scope
- Limited Scope: Superusers and managers can only perform actions (such as changing passwords) on users who belong to the specific groups and departments to which they have been granted access.
- Full Scope: Service Desk users and administrators can view and manage all users across their entire organization.
Assigning Permissions
A user can grant or revoke permissions for other users, but only up to their own permission level.
Example: A manager can assign the Employee and Superuser roles but cannot assign the Administrator role.
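Added example (not eADM code and not part of the official documentation): a small Python model of the scope and assignment rules above, useful for reviewing role grants for escalation. The function names, the set-based model of groups and departments, and the sample grant records are assumptions made for illustration; the assignment ceiling is treated as inclusive, following the wording in the Administrator section.

```python
from enum import IntEnum

class Role(IntEnum):
    # Order follows the page's hierarchy; a higher role inherits everything below it.
    EMPLOYEE = 1
    SUPERUSER = 2
    MANAGER = 3
    SERVICE_DESK = 4
    ADMINISTRATOR = 5
    PARTNER_ADMINISTRATOR = 6

# Lowest role holding each permission, copied from a few rows of the table.
MIN_ROLE = {
    "Change your password": Role.EMPLOYEE,
    "Edit user permissions": Role.SUPERUSER,
    "Change passwords for other users": Role.MANAGER,
    "Create a manual user": Role.SERVICE_DESK,
    "View logs (Audit, Security, Error)": Role.ADMINISTRATOR,
    "Edit synchronization steps": Role.PARTNER_ADMINISTRATOR,
}

# Superusers and managers only reach users in units they were granted access to.
LIMITED_SCOPE = {Role.SUPERUSER, Role.MANAGER}

def has_permission(role, permission):
    return role >= MIN_ROLE[permission]

def in_scope(actor_role, actor_units, target_units):
    """Units are sets of group or department names (hypothetical model)."""
    if actor_role in LIMITED_SCOPE:
        return bool(actor_units & target_units)
    return actor_role >= Role.SERVICE_DESK  # full scope within the organization

def may_assign(actor_role, new_role):
    # A grant is capped at the grantor's own level (inclusive).
    return has_permission(actor_role, "Edit user permissions") and new_role <= actor_role

def can_act(actor_role, actor_units, permission, target_units):
    return has_permission(actor_role, permission) and in_scope(actor_role, actor_units, target_units)

def flag_escalations(grants):
    """Return (grantor_role, grantee, new_role) records that break the ceiling rule."""
    return [g for g in grants if not may_assign(g[0], g[2])]

# Constructed sample grant records, not real eADM log output.
SAMPLE_GRANTS = [
    (Role.MANAGER, "user-a", Role.SUPERUSER),
    (Role.MANAGER, "user-b", Role.ADMINISTRATOR),
    (Role.ADMINISTRATOR, "user-c", Role.PARTNER_ADMINISTRATOR),
    (Role.EMPLOYEE, "user-d", Role.EMPLOYEE),
]
```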
Definition of "Organization Details"
Warning: The "Administer organization details" permission is a high-level privilege. It refers to managing the following critical system components:
- Organization Profile
- Synchronization and rule sets
- Message and export templates
- Access control
- Manual objects