Janeiro 16, 2019

Introducing Role-Based Access Control (RBAC) for Knox Cloud Services

Samsung Knox News

Introduction

The Samsung Knox Cloud Services (KCS) team is pleased to introduce a new Role-Based Access Control (RBAC) capability that allows customer (tenant) admins who are responsible for account creation (Super Admin) to assign more refined role permissions to individual admins as their specific enterprise requirements dictate. Though each supported Knox Cloud Service, Knox Configure (KC), Knox Mobile Enrollment (KME), Knox Guard (KG), and the Reseller Portal (RP) utilizes admin roles unique to that service, a Super Admin cuts across all services.

With the new RBAC service, existing customers will have their administrators migrated automatically with the next Knox Cloud Service release in Q1 2019. Administrators with their own unique set of permissions (manage administrators, delete devices etc.) will be assigned new roles that map to their current permissions. If needed, new roles beyond what the migrated admins are currently assigned can be created based on a list of permissions unique for each service.

Keep in mind, the only role that cannot be assigned is the Super Admin role, which applies across all supported services. Only one person can assume a Super Admin role per company. Upon migration, the Super Admin role is assigned to the person who originally created the customer account. The Super Admin role receives every permission available.

 

Migrate existing admins to Role-Based Access Control (RBAC)

Each service has different permissions available to its administrators. Every combination of service permissions is mapped to a different role. The role names are generic by default, but can be modified based on your organization’s naming requirements.

For example, a KME admin with the ability to invite other admins will be mapped to “KME Role 1”. Or a KC Admin with the ability to both (i) delete and (ii) unassign profiles from devices will be mapped to “KC Role 2”. Impacted KCS Admin Guides will be updated with the details of these mappings when RBAC is released later in Q1.

However, for KG and its large number of permission combinations, there is no mapping table. The easiest way to ascertain which permission the role has, is to click on the role name in the Roles table.

 

Create a role and assign permissions

Each Knox Cloud Service has different permissions that can be combined and assigned a role. The following role creation example is from the Knox Mobile Enrollment console.

 

 

Once the required Role name is defined, specific permissions can be selected by category as needed for the particular role. New administrator roles receive some basic permissions by default, but additional permissions require assignment for individual roles. Keep in mind, a role must be first created before an administrator can be invited to that role.

The console navigation and screens required for role and administrator invitation vary slightly amongst impacted services.

 

Invite a user to be an administrator with a defined role

Existing users require an invitation to become an administrator. However, as noted previously, a role must first be created that can be assigned to the administrator. Provide the name and Email address serving as the administrator’s contact resource, then select the Role assignment for this specific administrator.

 

Viewing Roles

Once roles have been created and assigned to administrators, they can be reviewed to assess whether the role name requires modification or its permissions need refinement.

 

 

More than one administrator can be assigned the same role. The number of administrators assigned a particular role displays as a link that can selected to view the names of the assigned administrators.

 

User interface customization for particular roles

Each KCS console will be customized for each role, depending on the permissions granted. For example, an Admin without Administration Privileges will not display “Administrators & Roles” in the left-hand navigation menu.

 

What’s next

Over time, the KCS team will be expanding the permissions available to a Super Admin. The updates will be communicated in a timely manner.

[Icon] fechar

Comece a usar o Samsung Knox

[Icon] mala
Você é revendedor, provedor de soluções ou provedor de serviços?

Torne-se um parceiro Knox e comece a expandir seus negócios hoje.

[Icon] informações

Selecione um produto Knox para começar:

Pacote completo
Knox Suite
Reformulação da marca e personalização
Knox Configure
Proteção contra fraude e roubo
Knox Guard
Plano de proteção do dispositivo
Samsung Care+ for Business
Outros produtos e serviços

Comece a usar o

[Image] Knox Suite

Pacote de solução multifuncional para mobilidade empresarial.

  • Obtenha uma avaliação gratuita de 90 dias para até 30 dispositivos.
  • Um conjunto completo de ferramentas para proteger, implantar, gerenciar e analisar seus dispositivos corporativos.
  • Experimente os recursos poderosos fornecidos com o Knox Suite.

O Knox Suite inclui:

Knox Mobile Enrollment Gratuito
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise Gratuito
Knox Remote Support
Knox Capture
Knox Authentication Manager

Comece a usar o

[Image] Logotipo do Knox Configure

Reformule e personalize seus dispositivos Samsung.

  • Obtenha uma avaliação gratuita de 90 dias para até 30 dispositivos.
  • Configure remotamente dispositivos Samsung em massa e adapte-os às necessidades específicas, imediatamente.
  • Configure seus dispositivos para implantação única ou atualize-os quantas vezes quiser.

Comece a usar o

[Icon] Logotipo do Knox Guard

Proteção contra fraude e roubo para dispositivos Samsung.

  • Obtenha uma avaliação gratuita de 90 dias para até 30 dispositivos.
  • Reduza os riscos financeiros e proteja os ativos por meio do controle remoto dos dispositivos Samsung.
  • Experimente todos os recursos do Knox Guard, inclusive controle do SIM e bloqueio de dispositivo.

Comece a usar o

[Image] Logotipo do Samsung Care Plus for Business

Planos de proteção para seus dispositivos Samsung.

  • Limite as interrupções dos negócios com trocas e reparos rápidos de dispositivo. Entre em contato com a equipe de vendas da Samsung para começar.
  • Veja todas as informações sobre reivindicações e cobertura do dispositivo em um só lugar.
  • Já adquiriu o Samsung Care+ for Business? Crie uma conta e acesse seu plano no console do Samsung Care+ for Business.

Outros produtos e serviços

[Image] Outros logotipos

Soluções modernas para atender às suas necessidades exclusivas.

CONTATO PARA VENDAS