Skip to content
English
  • There are no suggestions because the search field is empty.

Understanding Roles & Permissions

Role-Based Access Control in Senturo

Overview

Senturo uses role-based access control (RBAC) to determine what each team member can see and do within the platform. Assigning the right role ensures your team can perform their responsibilities effectively while keeping sensitive actions and settings appropriately restricted.

This article covers the Owner account, all seven assignable roles, their permissions across each area of the platform, and guidance on choosing the right role for each team member.


Available Roles

Senturo has one account-level role and seven assignable roles:

Role Type Best For
Owner Account The account created during setup. Has full platform access and can invite all other roles.
Group Admin Assignable IT managers who need Admin permissions plus user and role management
Admin Assignable Senior IT staff with broad device and platform management access
Helpdesk Assignable IT support staff who need hands-on device control without platform configuration access
Investigator Assignable Security analysts and compliance officers who need full visibility
Analyst Assignable Junior staff or monitors who need read-only access
Broadcaster Assignable Staff responsible for managing device messaging and broadcasts
Remote Assignable Third-party consultants or temporary staff with limited device control

Permissions by Area

Device Management

Permission Owner Group Admin Admin Helpdesk Investigator Analyst Broadcaster Remote
View Quick Filters / Custom Filters
View Groups & Tags
Edit Groups
Edit Tags
View Notes
Edit Notes
View Location History
View Network Info
View Screenshots
View Policies

Mass Actions — Device Control

Action Owner Group Admin Admin Helpdesk Investigator Analyst Broadcaster Remote
Change Security Status
Remote Lock
Remote Wipe
MDM Remote Lock / Wipe
MDM Lost Mode
Move to Group

Mass Actions — Administrative

Action Owner Group Admin Admin Helpdesk Investigator Analyst Broadcaster Remote
Automation Pulse
Download Report
Request Data
Assign to User
Add Groups
Add Tags
Add Notes
Device Enrollment
Delete Tracking Data
Delete Devices

Broadcasts

Permission Owner Group Admin Admin Helpdesk Investigator Analyst Broadcaster Remote
View Table & Calendar
Edit Table & Calendar
Delete Table & Calendar
View Templates
Edit Templates
Delete Templates
Create & Send Broadcasts

Security Policies

Permission Owner Group Admin Admin Helpdesk Investigator Analyst Broadcaster Remote
View Policies
Edit Policies
Delete Policies
Add Policies

Platform & Account

Permission Owner Group Admin Admin Helpdesk Investigator Analyst Broadcaster Remote
Audit Log
Notification Center
Integrations (connect/edit)
Role Management
Org Settings

Choosing the Right Role

The Owner account can invite users and assign any of the seven roles below based on each team member's responsibilities.

Assign Group Admin to:

  • IT managers who oversee other users and device groups
  • Those who need Admin-level access plus the ability to manage roles

Assign Admin to:

  • Senior IT staff managing devices, policies, and integrations
  • Security team leads who don't need to manage users

Assign Helpdesk to:

  • IT support staff handling day-to-day device issues
  • Those who need to locate devices, change security status, lock or wipe devices, and enroll new devices — but should not be able to modify policies or platform settings

Assign Investigator to:

  • Security analysts conducting device investigations
  • Compliance officers who need full visibility but shouldn't make administrative changes

Assign Analyst to:

  • Junior IT staff or monitoring personnel
  • Those who need to view device data without making any changes

Assign Broadcaster to:

  • Communication coordinators managing device messaging
  • Staff responsible for emergency or scheduled broadcasts

Assign Remote to:

  • Third-party support staff or temporary consultants
  • Those who only need basic device control (lock, wipe, move to group)

Best Practices

Principle of Least Privilege Always assign the minimum role required for a team member's responsibilities. Promote to a higher role only when a specific need arises, and review role assignments regularly.

Role Assignment Tips

  • Limit Group Admin, and Admin roles to essential personnel
  • Use the Helpdesk role for support staff who need active device control without access to destructive actions or platform configuration
  • Use the Analyst role for new team members during onboarding and training
  • Remove access promptly when team members leave the organization

Security

  • Review user roles regularly
  • Monitor the Audit Log for unexpected or unauthorized actions
  • Enable multi-factor authentication (MFA) for all users, especially those with Admin-level roles or above

How to Change a User's Role

  1. Navigate to Account Settings
  2. Click on the Role Management tab
  3. Find the user in the Current Users list
  4. Click the three-dot menu next to their name
  5. Click on Edit
  6. In the Edit User Info modal, select the new role from the Role dropdown
  7. Click Save

Changes take effect immediately.


Conclusion

Senturo's role-based access control gives you the flexibility to align platform permissions with each team member's responsibilities. Starting with the principle of least privilege and reviewing roles regularly ensures your platform remains both functional and secure.


FAQs

Q: Can a user have multiple roles? A: No, each user is assigned a single role at a time. Choose the role that best reflects their primary responsibilities.

Q: What is the difference between Group Admin and Admin? A: Group Admin includes all Admin permissions, plus the ability to manage users and assign roles. Admin cannot manage user accounts or change role assignments.

Q: What is the difference between Helpdesk and Analyst? A: Helpdesk is an active support role — users can change security status, lock and wipe devices, enroll devices, and send broadcasts. Analyst is read-only; users can view device data but cannot take actions or make changes.

Q: Can I create custom roles? A: Currently, Senturo offers seven assignable roles. Custom roles are not available.

Q: Who can assign or change user roles? A: The Owner account and users with the Group Admin role can invite users and modify role assignments.