SafeConsole has three default roles: Admin, Manager, and Support. The Custom Role-Based Admin System allows for the creation of new roles with customizable permissions for each new role. When creating a new role, the Admin has the option to choose which paths, sections of the server, and actions the Role has available in all sections. This increased freedom to customize the server will grant Global Admins the ability to delegate the correct powers, ensuring efficiency and safeguarding against any unwelcome mistakes. 


Warning: It should be noted that it is highly recommended that this feature is left on after being enabled. Switching between enabled and disabled is strongly discouraged.


Enabling Custom Role-Based Security:

  1. Log in as the Owner account for your SafeConsole Server. 

  2. Click Admins in the side menu

  3. Scroll down and Check the box for Enable Custom Role-Based Security System, located in the Custom Role-Based Security Settings section. *Please note that it is not recommended to switch the server back and forth between the Role Based Security System enabled and disabled*




To create a new Role:

  1. Log in as a Global Admin and click Admins on the side menu 

  2. Click the Roles tab

  3. Click Add New

  4. You now have the option of creating a Global Role, or a Custom Path Role

    • Global Roles will have the power to see and manage devices on all paths

    • Custom Path Roles can only manage delegated paths

  5. Selecting the down arrow next to All will expand the list of actions to the main sub-folders

    • Selecting the checkbox next to a folder will enable all of the actions in the folder for the new role

    • Expanding each folder will allow the selection of individual permitted actions for the new role 

  6. After selecting the permissions required for the role, choose a name for the role and click Save 

    • The role will now show up in the Admin Roles list and is available to be assigned to active admins

    • The newly created role is available to be edited and can be switched from a Global Role to a Custom Path Role

    • None of the default Admin Roles may be modified or deleted


Brief Role FAQ

  • OU, User, Admin, and Device actions all contain similar permissions. Each section defines the role’s ability to see and find details about the server’s paths, users, admins, and devices. The role can also control how the admin interacts with the pieces of the server, such as defining whether or not the admin can add, modify, or remove paths, users, admins, and devices. 

  • Policy actions deal with the policies connected to the server paths. The role can determine the admin's ability to get and modify the default policy. The role also determines if the admin can create, modify, and remove custom policies. 

  • Device and Admin log only have one action each: get log. This action allows the role to determine if the admin has access to device and/or admin logs.  

  • Certificate actions are for zonebuilder certificates. Controls adding, removing, and seeing zonebuilder certificates.

  • License info actions include get license info, and modify license info. Get license info allows the admin to view the license info page, which contains the account number, who the server is licensed to, etc. Modify license info allows the admin to refresh the license, or install a new one. 

  • Server Properties Actions include get access, read, and modify server properties. Get access and read server properties are both required actions to view the server settings page. Modify server properties determines whether or not the admin can change server settings. 

  • Geolocation Data actions provide access to the geolocation page and settings. Get access, get geolocation data list, and read geolocation data elements are all required to view the geolocation data page and the settings on it. Add, modify, and delete geolocation data all determine the admin's ability to change settings on the geolocation page.

  • Security Data actions are custom role access. Controls adding, removing, modifying, and accessing custom role sets.

  • Other actions are limited to email provision guide send. Email provision guide send allows the admin to send the quick connect guide to users.