What's in this release:
The following are the new features and enhancements introduced with this KCS 1.20 release:
Knox Mobile Enrollment (KME)
1. Limitation added to administrator invitation roles
To avoid the further escalation of Knox Mobile Enrollment administrative roles and permissions issues, an existing admin who does not have a Manage roles permission requires additional restrictions regarding the roles they can assign to other administrators.
With this release, existing administrators without a Manage role permission can only invite admins with a matching set of their own role permissions. As a result, the Invite administrator screen’s Role drop-down menu choices have been customized for the particular role of the admin creating the invitation.
2. View only administrator permission added
This KCS enhancement addresses customer requests to assign an administrator view only permissions. Once assigned, no profile configuration, device, or reseller administration is permitted, just view only access.
When a View only radio button is not selected, all nested options under that category (Profiles, Resellers etc.) are disabled. Additionally, if a radio button has nested options and that category has View only selected, at least one of its permission checkboxes must also be selected.
New roles have View only enabled by default. Existing roles that inherit the new View only permission have it turned off by default to prevent issues.
Manage tags and Manage device users have also been added as additional KME permissions.
3. Limit access to Knox Mobile Enrollment web portal
With this new permission, you can now create a role that can only access KME via the Knox Deployment Application, and not via the web portal.