Skip to main content

Managing Permissions in ScrewDrivers v7 Administration Console

Overview

The ScrewDrivers v7 Administration console includes a robust permission system that allows you to control what users can view and modify. This enables you to delegate administrative tasks to technical staff without granting unrestricted access, following the principle of least privilege.

With the permissions system, you can:

  • Grant read-only access for monitoring and reporting
  • Allow specific users to manage printer assignments without modifying objects
  • Create custom permission sets tailored to your organizational roles
  • Assign permissions to individual users, groups, or organizational units
  • Combine multiple permissions to create flexible access control

Understanding Permission Levels

ScrewDrivers v7 includes six default permission levels, numbered 0 through 5. Each level builds upon the previous one, with higher numbers granting more capabilities.

Default Permission Levels

Level 0 - No Access User

  • No access to editing the console
  • Cannot view or modify any settings
  • Effectively blocks console access

Level 1 - Read Only User

  • Can view the console
  • Cannot make any changes
  • Useful for monitoring, reporting, or auditing
  • Perfect for help desk staff who need visibility without modification rights

Level 2 - Assignment User

  • Can create, edit, and delete printer assignments
  • Can assign printers to users, groups, OUs, and custom owners
  • Cannot create or modify printer objects, drivers, or other infrastructure
  • Ideal for help desk or junior administrators who manage user printer access

Level 3 - Object User

  • Can create, edit, and delete assignments (same as Level 2)
  • Can create and edit printer objects (Print Server printers, Direct IP printers)
  • Can create and edit custom owners
  • Cannot modify global settings or permissions
  • Suitable for administrators who manage printer infrastructure

Level 4 - Admin

  • Full access to the console
  • Can perform all administrative tasks
  • Cannot change user permissions
  • Appropriate for senior administrators who shouldn't manage access control

Level 5 - Super Admin

  • Unrestricted access to the console
  • Can perform all administrative tasks
  • Can modify user permissions and assign permission levels
  • Reserved for system administrators and designated ScrewDrivers administrators
Super Admin Access

Only grant Super Admin (Level 5) permissions to trusted administrators. This level can assign permissions to anyone, including themselves, and has complete control over the ScrewDrivers environment.

Available Permissions

The ScrewDrivers Administration console provides granular control over specific capabilities. Here's the complete list of available permissions:

Permission Categories

The permissions are organized by functional area:

Printer Management

  • Create Printers: Add new Print Server or Direct IP printer objects
  • Edit Printers: Modify existing printer objects
  • Delete Printers: Remove printer objects from the system
  • View Printers: See printer objects and their properties

Printer Assignments

  • Create Assignments: Assign printers to users, groups, OUs, or custom owners
  • Edit Assignments: Modify existing printer assignments
  • Delete Assignments: Remove printer assignments
  • View Assignments: See which printers are assigned to which users/groups

Driver Management

  • Import Drivers: Add printer drivers to the database
  • Edit Drivers: Modify driver properties or settings
  • Delete Drivers: Remove drivers from the system
  • View Drivers: See available drivers

Profile Management

  • Create Profiles: Create new printer profiles with predefined settings
  • Edit Profiles: Modify existing printer profiles
  • Delete Profiles: Remove printer profiles
  • View Profiles: See available printer profiles

Owner Management

  • Create Custom Owners: Create custom assignment targets
  • Edit Custom Owners: Modify custom owner definitions
  • Delete Custom Owners: Remove custom owners
  • View Custom Owners: See custom owner configurations

System Management

  • Global Settings: Modify system-wide ScrewDrivers settings
  • Print Server Configuration: Configure Print Server properties
  • Database Settings: Modify database connection or settings
  • Licensing: View or modify license configuration

Permission Management

  • View Permissions: See permission assignments and levels
  • Edit Permissions: Modify user permission assignments (Super Admin only)

Creating Custom Permission Levels

While the six default levels cover most scenarios, you can create custom permission sets for specific organizational needs.

Step 1: Create New Permission

Right-click on UI Permissions in the Administration console and select New UI Permission.

Step 2: Name the Permission

Enter a descriptive name for the custom permission level. Choose names that clearly indicate the purpose or role:

Good Examples:

  • "Help Desk - Printer Assignment"
  • "Junior Admin - Limited"
  • "Reporting - Read Only Plus"
  • "Department Manager - View Only"

Poor Examples:

  • "Custom1"
  • "Test"
  • "Bob's Permissions"

Click Add to create the permission.

Step 3: Configure Permission Settings

By default, all new custom permissions have all options disabled. This ensures you explicitly grant only the permissions needed.

Enable the specific permissions needed for this role:

  1. Select the custom permission from the list
  2. Check each permission box you want to grant
  3. Leave all other permissions unchecked
  4. Click Save to apply the configuration

Example Custom Permissions

Help Desk Technician:

  • ✓ View Printers
  • ✓ View Assignments
  • ✓ Create Assignments
  • ✓ Edit Assignments
  • ✓ Delete Assignments
  • ☐ All other permissions disabled

Department Manager (Read-Only Plus):

  • ✓ View Printers
  • ✓ View Assignments
  • ✓ View Profiles
  • ✓ View Custom Owners
  • ✓ View Permissions
  • ☐ All other permissions disabled

Printer Administrator:

  • ✓ View/Create/Edit/Delete Printers
  • ✓ View/Create/Edit/Delete Assignments
  • ✓ View/Import/Edit Drivers
  • ✓ View/Create/Edit/Delete Profiles
  • ☐ Global Settings disabled
  • ☐ Permission management disabled

Assigning Permissions to Users

Permission assignment in ScrewDrivers v7 works the same way as printer assignment, using drag-and-drop or selection methods.

Assignment Methods

You can assign permissions to:

Individual Users

  • Drag a permission level and drop it on a specific user account
  • Useful for exceptions or unique roles

User Groups

  • Assign permissions to Active Directory security groups
  • All group members inherit the permission
  • Easiest method for managing multiple users

Organizational Units (OUs)

  • Assign permissions to entire OUs
  • All users in the OU receive the permission
  • Good for location or department-based access

Custom Owners

  • Assign permissions based on custom logic
  • Most flexible but requires more setup

Assigning a Permission

Method 1: Drag and Drop

  1. Navigate to the Permissions tab in the Administration console
  2. Select a permission level from the left panel
  3. Drag the permission to a user, group, or OU in the right panel
  4. Drop to assign

Method 2: Direct Assignment

  1. Right-click on a user, group, or OU
  2. Select Assign Permission
  3. Choose the permission level from the dropdown
  4. Click Apply

Verifying Assignments

After assigning permissions:

  1. The user, group, or OU shows the assigned permission level
  2. Members of assigned groups or OUs inherit the permissions
  3. Users can log into the ScrewDrivers Administration console and see only the features they have permission to access

Permission Inheritance and Combination

Understanding how permissions combine is critical for secure and effective access control.

Multiple Permission Assignments

A user can have multiple permissions assigned through different methods:

  • Direct assignment to their user account
  • Membership in one or more groups with permissions
  • Membership in an OU with permissions
  • Custom owner logic that applies to them

Permission Combination Rules

When a user has multiple permission assignments, ScrewDrivers combines them using these rules:

Enabled permissions take precedence

  • If any assigned permission enables a capability, the user has that capability
  • Disabled permissions don't remove capabilities granted by other assignments
  • This is an additive permission model

Example:

  • User is in "Help Desk" group with permission to edit assignments
  • User is also in "Reporting" group with read-only access
  • Result: User can both view AND edit assignments (enabled permission wins)
Best Practice

Assign the most restrictive base permission, then add specific capabilities through group membership. This makes permission management more predictable and easier to audit.

Testing Combined Permissions

To verify effective permissions for a user:

  1. Note all groups the user is a member of
  2. Note any direct permission assignments
  3. List all permissions from each assignment
  4. Any permission enabled by ANY assignment is granted
  5. Test by logging in as the user (or using a test account with identical assignments)

Security Best Practices

Principle of Least Privilege

Grant users only the minimum permissions needed for their role:

  • Start with read-only access
  • Add specific create/edit/delete permissions as needed
  • Avoid granting Admin or Super Admin unless absolutely necessary

Regular Permission Audits

Periodically review permission assignments:

  • Remove permissions from users who changed roles
  • Verify group memberships are current
  • Check for overly permissive custom permissions
  • Document the purpose of each custom permission level

Separation of Duties

Consider separating sensitive capabilities:

  • Different administrators for printer objects vs. assignments
  • Separate permission management from infrastructure management
  • Isolate global settings access to senior administrators

Monitoring and Logging

Enable and review audit logging:

  • Track who makes changes in the Administration console
  • Monitor permission assignments and modifications
  • Alert on Super Admin permission assignments
  • Review logs for unexpected changes

Common Permission Scenarios

Scenario 1: Help Desk Printer Support

Requirement: Help desk technicians need to assign and unassign printers for users but shouldn't modify printer objects or global settings.

Solution: Use "Assignment User" (Level 2) or create a custom permission:

  • ✓ View Printers
  • ✓ View Assignments
  • ✓ Create Assignments
  • ✓ Edit Assignments
  • ✓ Delete Assignments

Scenario 2: Department Manager Visibility

Requirement: Department managers need to see which printers their team has but shouldn't make any changes.

Solution: Use "Read Only User" (Level 1) or create a custom read-only permission for specific areas.

Scenario 3: Junior Administrator Training

Requirement: Train a junior administrator with full console access but prevent them from changing permissions.

Solution: Use "Admin" (Level 4), which grants full access except permission management.

Scenario 4: Third-Party Support

Requirement: External support vendor needs to troubleshoot printer issues but shouldn't access sensitive settings.

Solution: Create a custom permission with:

  • ✓ View Printers
  • ✓ View Assignments
  • ✓ View Drivers
  • ✓ View Profiles
  • ☐ No create/edit/delete permissions
  • ☐ No global settings access

Troubleshooting Permission Issues

User Can't Access Administration Console

Symptom: User can't open or see anything in the Administration console.

Solutions:

  • Verify the user has at least Level 1 (Read Only) permissions
  • Check that permission assignments are saved
  • Confirm the user is in assigned groups (for group-based assignments)
  • Verify the Administration console is properly installed on the user's machine

User Has Unexpected Permissions

Symptom: User can perform actions they shouldn't be able to do.

Solutions:

  • Review all permission assignments (direct, group, OU)
  • Remember that enabled permissions from ANY source grant access
  • Check for hidden group memberships
  • Verify custom permission configurations are correct

Changes Not Taking Effect

Symptom: Permission changes don't apply immediately.

Solutions:

  • Have the user close and reopen the Administration console
  • Verify changes were saved (check for save confirmation)
  • Allow time for Active Directory replication (for group-based assignments)
  • Check for cached permissions in the console

Can't Assign Super Admin Permission

Symptom: Unable to assign Super Admin (Level 5) permission.

Solutions:

  • Verify you're logged in with Super Admin permissions yourself
  • Only Super Admin can assign Super Admin to others
  • Check that your own permission hasn't been revoked
  • Contact current Super Admin if locked out