Skip to content
English
Go to senturo.com
  • There are no suggestions because the search field is empty.

Understanding Roles & Permissions

Role-Based Access Control in Senturo

Introduction

Senturo uses role-based access control to manage what team members can see and do within the platform. This article explains each role's capabilities and helps you assign the appropriate permissions to your team members.

Available Roles Overview

Owner: Full access to every area of the platform, including organization-wide settings

Group Admin: Similar to Admin but with additional access to user management and can assign users to device groups

Admin: High-level access excluding user and org settings

Investigator: Designed for those who need full visibility but not full administrative control

Analyst: View-only access across most areas, with limited mass action permissions

Broadcaster: Limited to viewing and managing broadcast templates and messages

Remote: Primarily for offsite or delegated use cases, with limited permissions

Device Management Permissions

Viewing and Editing Capabilities

Full Access (View/Edit):

  • Owner, Group Admin, Admin, Investigator: Quick Filters, Custom Filters, Groups, Tags, Notes
  • Remote: Quick Filters, Custom Filters, Groups, Tags

View Only:

  • Analyst: Groups, Tags, Notes, Location History, Network, Screenshots, Actions, Policies, Broadcaster
  • Broadcaster: Quick Filters, Custom Filters, Groups, Tags
  • All roles: Location History, Network, Screenshots, Actions, Policies, Broadcaster (where applicable)

No Access:

  • Broadcaster: Notes, Location History, Network, Screenshots, Actions, Policies
  • Remote: Notes, Network, Screenshots, Actions, Policies, Broadcaster

Mass Actions Permissions

Device Control Actions

Change Security Status:

  • ✅ Owner, Group Admin, Admin, Investigator
  • ❌ Analyst, Broadcaster, Remote

Remote Lock:

  • ✅ Owner, Group Admin, Admin, Investigator, Remote
  • ❌ Analyst, Broadcaster

Remote Wipe:

  • ✅ Owner, Group Admin, Admin, Investigator, Remote
  • ❌ Analyst, Broadcaster

MDM Remote Lock/Wipe:

  • ✅ Owner, Group Admin, Admin, Investigator, Remote
  • ❌ Analyst, Broadcaster

MDM Lost Mode:

  • ✅ Owner, Group Admin, Admin, Investigator
  • ❌ Analyst, Broadcaster, Remote

Administrative Actions

Automation Pulse:

  • ✅ Owner, Group Admin, Admin, Investigator
  • ❌ Analyst, Broadcaster, Remote

Download Report:

  • ✅ Owner, Group Admin, Admin, Investigator
  • ❌ Analyst, Broadcaster, Remote

Move to Group:

  • ✅ All roles

Request Data:

  • ✅ Owner, Group Admin, Admin, Investigator
  • ❌ Analyst, Broadcaster, Remote

Assign to User:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Add Tags:

  • ✅ Owner, Group Admin, Admin, Remote
  • ❌ Investigator, Analyst, Broadcaster

Add Notes:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Delete Tracking Data:

  • ✅ Owner, Group Admin
  • ❌ Admin, Investigator, Analyst, Broadcaster, Remote

Delete Devices:

  • ✅ Owner, Group Admin
  • ❌ Admin, Investigator, Analyst, Broadcaster, Remote

Broadcast Permissions

Edit Table View:

  • ✅ Owner, Group Admin, Admin, Broadcaster
  • ❌ Investigator, Analyst, Remote

Delete Table View:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Edit Calendar View:

  • ✅ Owner, Group Admin, Admin, Broadcaster
  • ❌ Investigator, Analyst, Remote

Delete Calendar View:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Edit Template:

  • ✅ Owner, Group Admin, Admin, Broadcaster
  • ❌ Investigator, Analyst, Remote

Delete Template:

  • ✅ Owner, Group Admin, Admin, Broadcaster
  • ❌ Investigator, Analyst, Remote

Create New Message/Broadcast:

  • ✅ Owner, Group Admin, Admin, Broadcaster
  • ❌ Investigator, Analyst, Remote

Security Policies Permissions

View Table:

  • ✅ Owner, Group Admin, Admin, Investigator, Analyst
  • ❌ Broadcaster, Remote

Edit Table:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Delete Table:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Add Policy:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Other Permissions

Device Enrollment:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Audit Log:

  • ✅ Owner, Group Admin, Admin, Investigator, Analyst
  • ❌ Broadcaster, Remote

Integrations (connect/edit):

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Notification Center:

  • ✅ Owner, Group Admin, Admin
  • ❌ Investigator, Analyst, Broadcaster, Remote

Org Settings:

  • ✅ Owner only
  • ❌ All other roles

Choosing the Right Role

Assign Owner to:

  • Organization administrators who need complete control
  • Primary account holders
  • Those managing billing and organization settings

Assign Group Admin to:

  • Department heads managing their team's devices
  • IT managers who need to manage users and devices
  • Those who need Admin permissions plus user management

Assign Admin to:

  • Senior IT staff
  • Security team leaders
  • Those needing broad access without org settings

Assign Investigator to:

  • Security analysts conducting investigations
  • Compliance officers
  • Those needing full visibility for auditing

Assign Analyst to:

  • Junior IT staff
  • Help desk personnel
  • Those who monitor but don't need to make changes

Assign Broadcaster to:

  • Communication coordinators
  • Those responsible for device messaging
  • Staff managing emergency broadcasts

Assign Remote to:

  • Third-party support staff
  • Temporary consultants
  • Those who only need basic device control actions

Best Practices

Principle of Least Privilege:

  • Start with the minimum required permissions
  • Upgrade roles only when necessary
  • Review role assignments regularly

Role Assignment Guidelines:

  • Document why each person has their assigned role
  • Limit Owner and Group Admin roles to essential personnel
  • Use Analyst role for new team members during training

Security Considerations:

  • Regularly audit user roles and permissions
  • Remove access promptly when team members leave
  • Monitor the audit log for unauthorized actions

Changing User Roles

To modify a user's role after initial assignment:

  1. Navigate to Account Settings
  2. Select the Role Management tab
  3. Find the user in the Current Users list
  4. Click the three-dot menu next to the user
  5. Select Edit
  6. In the Edit Users Info modal:
    • Update First Name or Last Name if needed
    • Select the new role from the Role dropdown
    • Click Save
  7. Changes take effect immediately

Conclusion

Understanding Senturo's role-based permissions ensures your team has appropriate access to perform their duties while maintaining security. Regularly review and adjust roles as team responsibilities evolve.

FAQs

Q: Can a user have multiple roles? A: No, each user can only have one role at a time. Choose the role that best matches their primary responsibilities.

Q: What's the difference between Group Admin and Admin? A: Group Admin has all Admin permissions plus the ability to manage users and assign them to device groups. Admin cannot manage user accounts.

Q: Can I create custom roles? A: Currently, Senturo offers six predefined roles. Custom roles are not available.

Q: Who can change user roles? A: Only users with Owner or Group Admin roles can modify other users' roles.