How Role Based Administration Works

Version 13



    This document explains the capabilities of Role Based Administration in Protect.


    Explanation of how Role Based Administration works


    You can assign different roles to different users of Shavlik Protect . This enables you to make the program available to a wide variety of people within your organization while maintaining control over its use. The role assigned to a user determines what that particular user can do.

    When Shavlik Protect is launched it checks if role-based administration is enabled. If so, the program then looks to see if the current user has been assigned a role. If the user has been assigned a role, the program grants that user access to only those features allowed by their role. For example, you may have a number of users who are allowed to create reports, but only one or two users who have permission to deploy patches.  The following types of Role Definitions are available:

    • Administrator: Full access to all features of the program. Only an administrator user can modify the roles assigned to other users.
    CAUTION! If you assign the Administrator role to only one user, make sure you know how to log on to the console machine using that user. Otherwise it is possible to lock yourself out from certain features, with the only solution being to reinstall the program.
    • Full User: Access to all features except for the ability to administer roles.
    • Scan and Report Only: Can perform patch scans and can generate reports.
    • Deploy and Report Only: Can perform patch deployments and can generate reports.
    • Report Only: Can generate reports

    Features that are not available due to role limitations will be either grayed out or removed from the interface. If a user has not been assigned a role they will not be able to start the program. It is not possible for a user to switch roles while within the program.

    Role-based administration is initially disabled. Until you enable this feature, all users will have full access to the program. You enable and configure role-based administration via the Manage > User Roles Assignment menu. See Assigning User Roles and Enabling and Disabling Role-based Administration for detailed information.


    User Role Assignment requires each user to be a local administrator to the Protect server machine otherwise this function will not work as expected.

    Affected Product(s)

    Shavlik Protect 9.x