Open Mobile Roles for iPass Resellers

Access to the Open Mobile Portal is governed by a set of controls known as RBAC (role-based access control). Users are assigned to roles, which are composed of privileges. Each privilege enables a set of functions on the Open Mobile Portal.

You can assign and manage roles for your own Portal users, as well as those of your customers.

Privileges

Roles are comprised of privileges, which enable access to specific tasks or views in the Open Mobile Portal. Privileges always enable, and never disable, access. For example, users in a role with Privileges A and B can perform tasks A and B. A privilege will never prevent a user from performing a task, or cancel other privileges.

Privileges cannot be assigned directly to users. Instead, privileges are included in roles, which are then assigned to users.

The scope of a privilege defines its domain of influence over users in parent and child companies. A privilege's scope may be indicated by a prefix before its name.

Prefix Naming A user having a privilege with this prefix can affect…
None None A function in the same company
^: Delegated A function in the same or child company
*: iPass A function in any company
v: Customer A function in any child company

For a table of which privileges are required for which Open Mobile Portal page, please click here: Open Mobile Portal Privileges Table

Assigning Roles to a Company

To assign roles to a company:

  1. On the Open Mobile Portal, click Account.
  2. In the navigation menu, click Manage Customer Roles.
  3. Select or search for the customer to which you wish to assign roles. Then, under Action, click Manage.
  4. Using the arrow keys, select and then move roles from the Available Roles column to the Assigned Roles column.
  5. When role assignments are complete, click Save.

For a company to create users and assign roles, it must be assigned User Admin or Delegated User Admin.

Role Types

Roles come in several types.

Viewer/Manager Roles: Many paired roles enable either the viewing or the viewing/management of a particular Open Mobile feature (for example, Profile Viewer and Profile Manager). In these cases, the Viewer role is subsumed in the Manager role, so a user with a Manager role does not also need the corresponding Viewer role.

Customer Roles: Internal roles that have access to all companies other than iPass.

Delegated Roles: Some roles have a standard version as well as a delegated version, used for partner customers only. The delegated version of the role enables the same privileges as the standard version, but for any child company as well. (Roles intended exclusively for resellers have no non-delegated version.)

Compound Roles: Roles can be compounded from other roles. For example, you could define a compound role called “Profile Designer” that would include all roles appropriate to the creation and administration of profiles, such as Profile Manager, Client Brand Designer, and Template Manager. Any number of roles can be compounded into a single role.

Company Roles

iPass provisions roles for a company on the Open Mobile Portal. The following table defines roles available for assignment to iPass customers.

  • Role: Name of the role and if there is a delegated version.
  • Tasks Permitted: Tasks permitted to users assigned to the role.
  • Delegated Version: If Yes, a corresponding Delegated version of this role exists. (For example, Bill Viewer and Delegated Bill Viewer.)
  • Request Only: If Yes, the role is not enabled by default, and must be requested by customers.
Role Tasks Permitted Delegated Version? Request Only?
Account Preferences Manager Edit and view Account Preferences No N/A
Account Settings Viewer View Account Settings No N/A
Android Package Manager View and edit Android Package, and view your company. No N/A
Bill Viewer View Invoices & Payment links on the Account tab. Yes No
Client Brand Designer Create branding for an iPass Open Mobile client. Yes No
Contact Manager Edit company address and company contacts. Yes No
Contact Viewer View company address and company contacts. Yes No
Delegated Account Preferences Manager View your company or child company. View and edit Account Preferences Yes N/A
Delegated Android Package Manager View and edit Android Package, and view your company or child company Yes N/A
Delegated Bill Viewer View your company or child company. View invoice, account balance, payment history, voucher, distinct users. Download monthly CDRs. Yes N/A
Delegated Child Account Manager Manage accounts of a child company. N/A No
Delegated Company Role Manager Assign roles to child companies. No No
Delegated Contact Manager View your company or child company. View and edit address. Create, view, edit, and delete contact. Yes N/A
Delegated Contact Viewer View your company or child company. View address and contact. Yes N/A
Delegated Directory Viewer View global and custom directories (for your company and its child companies) Yes N/A
Delegated Directory Manager Upload and view custom directories (for your company and its child companies) Yes N/A
Delegated Domain Purchaser View your company or child company. Create and view additional domain orders for child companies. Customer domain view for child companies. Yes N/A
Delegated Domain Viewer View your company or child company. View customer domains and additional domain orders for child companies. Yes N/A
Delegated Hosted End User Admin View your company or child company. View profile for all child companies. View and edit hosted end user. View auto-generated password. Download profile Yes N/A
Delegated Hosted End User Viewer View your company or child company. View and download profile for child company. View hosted end user. Yes N/A
Delegated Mobile Data Manager View your company or child company. Activate, deactivate, edit, and view device. Yes N/A
Delegated Mobile Subscription Manager View your company or child company. View and edit MobileMapping. Yes N/A
Delegated ODF Integrator View your company or child company. Create, edit, and view ODF. Yes N/A
Delegated Order Manager Place & view orders for company and child companies NA NA
Delegated Order Viewer View all orders from company & child companies N/A N/A
Delegated Portal Brand Designer View your company or child company. View, edit, and publish Portal brand. Yes N/A
Delegated Profile Manager View, edit, delete, publish profiles for child companies. View templates, customer domain, brand, client brand, and MobileMapping. Download and recover profiles, and view profile history. Yes N/A
Delegated Profile Subscription Manager View, add, delete. and test your company or child company LDAP groups. View RSRM server info. Yes N/A
Delegated Profile Subscription Viewer View and test your company or child company LDAP groups. View RSRM server info. Yes N/A
Delegated Profile Viewer View profiles created by child companies, search by profile ID (for child companies) Yes No
Delegated RoamServer Monitor Test your company and child company RoamServer (if View RoamServer Info privileges are given). Yes N/A
Delegated Template Manager Manage templates. (Required to create service packages.) Yes No
Delegated Test Profile Viewer Content Pending Content Pending Content Pending
Delegated Ticket Viewer View your company or child company. View ticket for child companies. Yes N/A
Delegated User Admin View, edit, and delete company or child user. Delegated to view, edit, and delete role. Delegated to edit user role. Content Pending. Content Pending Content Pending
Directory Manager Create custom directories. Yes No
Directory Viewer View custom directories. Yes No
Domain Purchaser Request a new domain. Yes No
Domain Viewer View domain requests. Yes No
Hosted End User Admin View your company. View and download profile. View and edit hosted end user. View auto-generated password. No N/A
Hosted End User Viewer View your company, profile, and hosted end user. Also, download profile. No N/A
Mobile Data Manager Activate, deactivate, edit, and view device. No N/A
Mobile Subscription Manager Manage mobile device numbers for reporting. Yes No
ODF Integrator Create custom ODF files and see the ODF Sample Library. Yes No
Order Manager Place and view orders N/A N/A
Order Viewer View all order requests from company N/A N/A
Partner Service Package Assigner View SQM Reports, Portal Brand, Client Bradn, Service Package. Assign Service Package. No N/A
Partner Service Package Manager View your company or child company, SQM Reports, Portal Brand, Client Brand. View and edit Service Package. Delegated Upload Dashboard. No N/A
Portal Brand Designer Brand the Portal.Yes Yes
Profile Manager Create and edit profiles. Publish profiles to Test and Production. Delete profiles that are published to test. Migrate profiles. Yes No
Profile Subscription Manager View, add, and delete Profile Subscription Group. View and edit Client Auth Settings. Test LDAP Group and view RSRM server info. No N/A
Profile Subscription Viewer View profile Subscription Group, client Auth Settings, RSRM server info, and test LDAP group No N/A
Profile Viewer View profiles. Yes No
Report Viewer View all reports in the Reports tab. Yes No
RoamServer Monitor View and test RoamServer info, and view TransServer No N/A
Template Manager Manage templates. (Required to create service packages.) Yes No
Test Profile Manager Create and edit profiles. Publish profiles to test. Yes No
Ticket Manager Manage tickets in the Portal Dashboard. Yes No
Ticket Viewer View tickets in the Portal Dashboard. Yes No
Trial User View Profile No N/A
User Admin Create users and roles. Note: For a company to create users and assign roles, it must be assigned User Admin (or Delegated User Admin.) Yes No
White Label Manager View and edit Product No N/A
White Label Viewer View Product No N/A

Recommended Role Assignments

Grouping existing capabilities into multi-purpose compound roles can address the needs of your Portal users as well as those of your customers.

Partner Roles

iPass resellers supply and resell Open Mobile services and have a complex set of needs. Partners are able to push settings down to their customers, as well as act on behalf of their customers for purposes of troubleshooting and configuration assistance. A number of Delegated roles support these needs.

Partners who utilize Open Mobile services themselves should duplicate the Customer Administrator role given on page 6 for their internal IT staff, to ensure their administrators can manage their own Open Mobile requirements without having access to services utilized by customers.

Administrator Compound Role

This compound role will enable delivery administrators to have full control of the Portal, as well as their customers who utilize the service. Create the Administrator compound role with the following roles:

  • Bill Viewer
  • Client Brand Designer
  • Contact Manager
  • Contact Viewer
  • Delegated Bill Viewer
  • Delegated Company Role Manager
  • Delegated Contact Manager
  • Delegated Contact Viewer
  • Delegated Directory Manager
  • Delegated Directory Viewer
  • Delegated Domain Purchaser
  • Delegated Domain Viewer
  • Delegated ODF Integrator
  • Delegated Profile Manager
  • Delegated Profile Viewer
  • Delegated RoamServer Manager
  • Delegated Report Viewer
  • Delegated Template Manager
  • Delegated Test Profile Manager
  • Delegated Ticket Viewer
  • Delegated User Admin
  • Directory Manager
  • Directory Viewer
  • Domain Viewer
  • ODF Integrator
  • Profile Manager
  • Profile Viewer
  • RoamServer Monitor
  • Report Viewer
  • Template Manager
  • Test Profile Manager
  • Ticket Manager
  • Ticket Viewer
  • User Admin

Support Roles: Level 1 and Level 2

These two compound roles include appropriate roles for different levels of support staff.

Support Level 1

This compound role provides read-only access to customer accounts and should include these roles:

  • Bill Viewer
  • Contact Viewer
  • Custom Install Packager Viewer
  • Delegated Bill Viewer
  • Delegated Contact Viewer
  • Delegated Directory Viewer
  • Delegated Domain Viewer
  • Delegated ODF Integrator
  • Delegated Profile Viewer
  • Delegated Report Viewer
  • Delegated Ticket Viewer
  • Directory Viewer
  • Domain Viewer
  • ODF Integrator
  • Profile Viewer
  • Report Viewer
  • Ticket Viewer
Levels 2 and 3

These compound roles for support levels 2 and 3 enable support staff to edit customer settings. These should only be provided to employees with proper training in the operation of Open Mobile. They should include these roles:

  • Bill Viewer
  • Contact Manager
  • Contact Viewer
  • Delegated Bill Viewer
  • Delegated Company Role Manager
  • Delegated Contact Manager
  • Delegated Contact Viewer
  • Delegated Directory manager
  • Delegated Directory Viewer
  • Delegated Domain Purchaser
  • Delegated Domain Viewer
  • Delegated ODF Integrator
  • Delegated Profile Manager
  • Delegated Profile Viewer
  • Delegated Report Viewer
  • Delegated Template Manager
  • Delegated Test Profile Manager
  • Delegated Ticket Viewer
  • Delegated User Admin
  • Directory Manager
  • Directory Viewer
  • Domain Viewer
  • ODF Integrator
  • Profile Viewer
  • Report Viewer
  • Template Manager
  • Test Profile Manager
  • Ticket Manager
  • Ticket Viewer

Child Customer Roles

Your child customers generally have two distinct needs – the need to self-manage the service capabilities, and the need to provide first level support and audit. We recommend that the following two compound roles be created for your child customers: Administrator and Help Desk. In addition, these roles can be re-assigned to the child accounts of direct customers. Open Mobile supports the creation of custom grouping and the re-use of roles definitions. As a result, this step can be performed once and applied to all accounts.

Administrator Compound Role

This compound role will enable administrators to configure Open Mobile, perform reporting and troubleshooting, and generally manage the day-to-day needs of the iPass service. Roles typically assigned to a customer administrator role include:

  • Client Brand Designer
  • Contact Manager
  • Contact Viewer
  • Directory Manager
  • Directory Viewer
  • Domain Viewer
  • ODF Integrator
  • Profile Manager
  • Report Viewer
  • Template Manager
  • Test Profile Manager
  • Ticket Viewer
  • User Admin

Help Desk Compound Role

Including few manager roles, this compound role will enable audit personnel to access reports, troubleshoot, and perform other valuable tasks in Open Mobile without risking operational settings. Roles assigned to the Help Desk compound role should include:

  • Contact Manager
  • Contact Viewer
  • Custom Install Packager Viewer
  • Directory Viewer
  • Domain Viewer
  • ODF Integrator
  • Report Viewer
  • Template Manager
  • Test Profile Manager

Go to: Other Product Documents > Tech Notes

 

©2015 iPass Inc. All rights reserved. Terms of Use