Ticket: 251889 - FR: Specific permission for viewing device lock pins

Status	Submitted By	Submitted On	Last Updated	Discussion Thread
Success	kevinmcox	2023-11-18	2024-01-12	N/A

Ticket Summary / Intial Message:

In our old MDM we were able to separate the permissions for locking a Mac and viewing the lock pin.

This allowed us to grant certain admins (tier 1 help desk) the ability to lock a device, but require them to escalate internally to a higher level admin to view pins.

We’d like to request Mosyle add this feature. This could be accomplished with a specific role permission under Management / Settings similar to ‘Wipe.’

‘Create’ or ‘Update’ permission would allow a device to be locked while ‘View’ permission would allow the PIN to be accessed.

Some users could then lock but not view the pin, while others could view an existing pin but not initiate locks.

Please let me know if you have any questions.

Thanks, Kevin

Updates

Date 2024-01-12

From:	kevinmcox
	It looks like our feature request in Ticket 251889 was implemented. I’ll admit it did take us by surprise when existing admins had their permissions changed without warning. Overall, we’re glad to see the permission added though. I wanted to confirm the behavior please. ‘Lock Device’ has the option to grant ‘View’ and ‘Update’ permissions (but not ‘Create’ or ‘Delete’). Can you confirm that granting ‘Update’ permissions will give someone the ability to Lock devices but not view the codes; and granting ‘View’ will give someone the ability to reveal existing PIN codes but not lock devices? Thanks, Kevin

From:

kevinmcox

It looks like our feature request in Ticket 251889 was implemented. I’ll admit it did take us by surprise when existing admins had their permissions changed without warning. Overall, we’re glad to see the permission added though.

I wanted to confirm the behavior please.

‘Lock Device’ has the option to grant ‘View’ and ‘Update’ permissions (but not ‘Create’ or ‘Delete’).

Can you confirm that granting ‘Update’ permissions will give someone the ability to Lock devices but not view the codes; and granting ‘View’ will give someone the ability to reveal existing PIN codes but not lock devices?

Thanks,
Kevin

Date 2024-01-12

From:	Mosyle Support
	We hope you are having a wonderful Friday, you are indeed correct. To confirm, ‘Update’ permissions will give someone the ability to Lock devices but not view the codes. By granting ‘View’ permissions, the admin will get the ability to reveal existing PIN codes but not lock devices. We hope this may assist to help clarify. If you have any further questions please reach back out. Thank you!

From:

Mosyle Support

We hope you are having a wonderful Friday, you are indeed correct. To confirm, ‘Update’ permissions will give someone the ability to Lock devices but not view the codes. By granting ‘View’ permissions, the admin will get the ability to reveal existing PIN codes but not lock devices.

We hope this may assist to help clarify. If you have any further questions please reach back out. Thank you!