Configure user permissions

Patchdeck has a fine-grained permission system you can use to configure who access to systems, groups and patch policies. By default members of the built-in “Account Admins” group have access to everything. All other users have only access to things they created themselves. For example, a system added to the console by installing the agent can only be managed by the user who run the installation by providing the client id and client secret values.

To collaborate on patching your environment you can configure access permissions for systems, system groups or patch policies. For all these object you find this button on the detail page: 

On the page to manage permissions you can see which users and groups currently have permission to manage this object, remove existing permissions or add new ones.

Permissions for patch policies and system group need to be granted for each individual object. For systems you can also use groups to dynamically handle permissions for a larger number of objects. For example, if you have multiple users group who manage Windows systems in your environment you can create a user group fro them, e.g. “Windows Admins”. You can then create a system group, e.g. “Windows Systems” and give the user group permissions on this system group. Now you can add all your Windows systems to these group and your Windows admins will have access to these systems. If you remove a system from the group the access is automatically revoked. Please note that permissions to a system that are inherited through a system group as in this example do not allow to manage permissions on the system. All other actions are allowed via these inherited permissions, e.g. apply patches, rebooting, attaching to a patch policy, etc.