Access to the Open Mobile Portal is governed by a set of controls known as RBAC (role-based access control). Users are assigned to roles, which are composed of privileges. Each privilege enables a set of functions on the Open Mobile Portal.
You can assign and manage roles for your own Portal users, as well as those of your customers.
Roles are comprised of privileges, which enable access to specific tasks or views in the Open Mobile Portal. Privileges always enable, and never disable, access. For example, users in a role with Privileges A and B can perform tasks A and B. A privilege will never prevent a user from performing a task, or cancel other privileges.
Privileges cannot be assigned directly to users. Instead, privileges are included in roles, which are then assigned to users.
The scope of a privilege defines its domain of influence over users in parent and child companies. A privilege's scope may be indicated by a prefix before its name.
| Prefix | Naming | A user having a privilege with this prefix can affect… |
|---|---|---|
| None | None | A function in the same company |
| ^: | Delegated | A function in the same or child company |
| *: | iPass | A function in any company |
| v: | Customer | A function in any child company |
For a table of which privileges are required for which Open Mobile Portal page, please click here: Open Mobile Portal Privileges Table
To assign roles to a company:
Roles come in several types.
Viewer/Manager Roles: Many paired roles enable either the viewing or the viewing/management of a particular Open Mobile feature (for example, Profile Viewer and Profile Manager). In these cases, the Viewer role is subsumed in the Manager role, so a user with a Manager role does not also need the corresponding Viewer role.
Customer Roles: Internal roles that have access to all companies other than iPass.
Delegated Roles: Some roles have a standard version as well as a delegated version, used for partner customers only. The delegated version of the role enables the same privileges as the standard version, but for any child company as well. (Roles intended exclusively for resellers have no non-delegated version.)
Compound Roles: Roles can be compounded from other roles. For example, you could define a compound role called “Profile Designer” that would include all roles appropriate to the creation and administration of profiles, such as Profile Manager, Client Brand Designer, and Template Manager. Any number of roles can be compounded into a single role.
iPass provisions roles for a company on the Open Mobile Portal. The following table defines roles available for assignment to iPass customers.
| Role | Tasks Permitted | Delegated Version? | Request Only? |
|---|---|---|---|
| Account Preferences Manager | Edit and view Account Preferences | No | N/A |
| Account Settings Viewer | View Account Settings | No | N/A |
| Android Package Manager | View and edit Android Package, and view your company. | No | N/A |
| Bill Viewer | View Invoices & Payment links on the Account tab. | Yes | No |
| Client Brand Designer | Create branding for an iPass Open Mobile client. | Yes | No |
| Contact Manager | Edit company address and company contacts. | Yes | No |
| Contact Viewer | View company address and company contacts. | Yes | No |
| Delegated Account Preferences Manager | View your company or child company. View and edit Account Preferences | Yes | N/A |
| Delegated Android Package Manager | View and edit Android Package, and view your company or child company | Yes | N/A |
| Delegated Bill Viewer | View your company or child company. View invoice, account balance, payment history, voucher, distinct users. Download monthly CDRs. | Yes | N/A |
| Delegated Child Account Manager | Manage accounts of a child company. | N/A | No |
| Delegated Company Role Manager | Assign roles to child companies. | No | No |
| Delegated Contact Manager | View your company or child company. View and edit address. Create, view, edit, and delete contact. | Yes | N/A |
| Delegated Contact Viewer | View your company or child company. View address and contact. | Yes | N/A |
| Delegated Directory Viewer | View global and custom directories (for your company and its child companies) | Yes | N/A |
| Delegated Directory Manager | Upload and view custom directories (for your company and its child companies) | Yes | N/A |
| Delegated Domain Purchaser | View your company or child company. Create and view additional domain orders for child companies. Customer domain view for child companies. | Yes | N/A |
| Delegated Domain Viewer | View your company or child company. View customer domains and additional domain orders for child companies. | Yes | N/A |
| Delegated Hosted End User Admin | View your company or child company. View profile for all child companies. View and edit hosted end user. View auto-generated password. Download profile | Yes | N/A |
| Delegated Hosted End User Viewer | View your company or child company. View and download profile for child company. View hosted end user. | Yes | N/A |
| Delegated Mobile Data Manager | View your company or child company. Activate, deactivate, edit, and view device. | Yes | N/A |
| Delegated Mobile Subscription Manager | View your company or child company. View and edit MobileMapping. | Yes | N/A |
| Delegated ODF Integrator | View your company or child company. Create, edit, and view ODF. | Yes | N/A |
| Delegated Order Manager | Place & view orders for company and child companies | NA | NA |
| Delegated Order Viewer | View all orders from company & child companies | N/A | N/A |
| Delegated Portal Brand Designer | View your company or child company. View, edit, and publish Portal brand. | Yes | N/A |
| Delegated Profile Manager | View, edit, delete, publish profiles for child companies. View templates, customer domain, brand, client brand, and MobileMapping. Download and recover profiles, and view profile history. | Yes | N/A |
| Delegated Profile Subscription Manager | View, add, delete. and test your company or child company LDAP groups. View RSRM server info. | Yes | N/A |
| Delegated Profile Subscription Viewer | View and test your company or child company LDAP groups. View RSRM server info. | Yes | N/A |
| Delegated Profile Viewer | View profiles created by child companies, search by profile ID (for child companies) | Yes | No |
| Delegated RoamServer Monitor | Test your company and child company RoamServer (if View RoamServer Info privileges are given). | Yes | N/A |
| Delegated Template Manager | Manage templates. (Required to create service packages.) | Yes | No |
| Delegated Test Profile Viewer | Content Pending | Content Pending | Content Pending |
| Delegated Ticket Viewer | View your company or child company. View ticket for child companies. | Yes | N/A |
| Delegated User Admin | View, edit, and delete company or child user. Delegated to view, edit, and delete role. Delegated to edit user role. Content Pending. | Content Pending | Content Pending |
| Directory Manager | Create custom directories. | Yes | No |
| Directory Viewer | View custom directories. | Yes | No |
| Domain Purchaser | Request a new domain. | Yes | No |
| Domain Viewer | View domain requests. | Yes | No |
| Hosted End User Admin | View your company. View and download profile. View and edit hosted end user. View auto-generated password. | No | N/A |
| Hosted End User Viewer | View your company, profile, and hosted end user. Also, download profile. | No | N/A |
| Mobile Data Manager | Activate, deactivate, edit, and view device. | No | N/A |
| Mobile Subscription Manager | Manage mobile device numbers for reporting. | Yes | No |
| ODF Integrator | Create custom ODF files and see the ODF Sample Library. | Yes | No |
| Order Manager | Place and view orders | N/A | N/A |
| Order Viewer | View all order requests from company | N/A | N/A |
| Partner Service Package Assigner | View SQM Reports, Portal Brand, Client Bradn, Service Package. Assign Service Package. | No | N/A |
| Partner Service Package Manager | View your company or child company, SQM Reports, Portal Brand, Client Brand. View and edit Service Package. Delegated Upload Dashboard. | No | N/A |
| Portal Brand Designer | Brand the Portal. | Yes | Yes |
| Profile Manager | Create and edit profiles. Publish profiles to Test and Production. Delete profiles that are published to test. Migrate profiles. | Yes | No |
| Profile Subscription Manager | View, add, and delete Profile Subscription Group. View and edit Client Auth Settings. Test LDAP Group and view RSRM server info. | No | N/A |
| Profile Subscription Viewer | View profile Subscription Group, client Auth Settings, RSRM server info, and test LDAP group | No | N/A |
| Profile Viewer | View profiles. | Yes | No |
| Report Viewer | View all reports in the Reports tab. | Yes | No |
| RoamServer Monitor | View and test RoamServer info, and view TransServer | No | N/A |
| Template Manager | Manage templates. (Required to create service packages.) | Yes | No |
| Test Profile Manager | Create and edit profiles. Publish profiles to test. | Yes | No |
| Ticket Manager | Manage tickets in the Portal Dashboard. | Yes | No |
| Ticket Viewer | View tickets in the Portal Dashboard. | Yes | No |
| Trial User | View Profile | No | N/A |
| User Admin | Create users and roles. Note: For a company to create users and assign roles, it must be assigned User Admin (or Delegated User Admin.) | Yes | No |
| White Label Manager | View and edit Product | No | N/A |
| White Label Viewer | View Product | No | N/A |
Grouping existing capabilities into multi-purpose compound roles can address the needs of your Portal users as well as those of your customers.
iPass resellers supply and resell Open Mobile services and have a complex set of needs. Partners are able to push settings down to their customers, as well as act on behalf of their customers for purposes of troubleshooting and configuration assistance. A number of Delegated roles support these needs.
This compound role will enable delivery administrators to have full control of the Portal, as well as their customers who utilize the service. Create the Administrator compound role with the following roles:
These two compound roles include appropriate roles for different levels of support staff.
This compound role provides read-only access to customer accounts and should include these roles:
These compound roles for support levels 2 and 3 enable support staff to edit customer settings. These should only be provided to employees with proper training in the operation of Open Mobile. They should include these roles:
Your child customers generally have two distinct needs – the need to self-manage the service capabilities, and the need to provide first level support and audit. We recommend that the following two compound roles be created for your child customers: Administrator and Help Desk. In addition, these roles can be re-assigned to the child accounts of direct customers. Open Mobile supports the creation of custom grouping and the re-use of roles definitions. As a result, this step can be performed once and applied to all accounts.
This compound role will enable administrators to configure Open Mobile, perform reporting and troubleshooting, and generally manage the day-to-day needs of the iPass service. Roles typically assigned to a customer administrator role include:
Including few manager roles, this compound role will enable audit personnel to access reports, troubleshoot, and perform other valuable tasks in Open Mobile without risking operational settings. Roles assigned to the Help Desk compound role should include:
Go to: Other Product Documents > Tech Notes