Settings and Field Details: User Permissions

Bomgar gives administrators granular control over user permissions. This table details the permission settings and fields available to Bomgar administrators.

  Permission User Embassy Embassy User Rep Invite / Session Policy Group Policy

1 

Username
Unique identifier used to log in.

     

2 

Display Names
Representative's name as shown on the public site, in chats, etc. Representatives can use a public display name, for use with customers, and a private display name, for use in all internal communications.

     

3 

Display Number
Type a unique ID number or leave this field blank to automatically select the next available number. This number affects the order in which representatives are listed on the public site.

     

4 

Password
Password used with the username to log in.

     

5 

Email Password to User
Sends an automatic email to the user containing his or her new password. If this option is selected, then the user must reset his or her password at next login. The user's email address must be configured for this feature to work.

     

6 

Must Reset Password at Next Login
Forces a password change the next time the representative logs in.

     

7 

Password Expires On
Causes the password to expire after a given date or to never expire.

     

8 

Security Question
Enables a representative to reset a forgotten password after correctly answering the security question. Passwords may be reset only if Enable Password Reset is checked on the Management > Security page. Admins cannot reset their passwords.

     

9 

Security Answer
Provide a secret answer to the security question. Passwords may be reset only if Enable Password Reset is checked on the Management > Security page. Admins cannot reset their passwords.

     

10 

Email Address
Enables a representative to set an email address by which he or she will receive email notifications, such as password resets or requests to share a session while in extended availability mode.

     

11 

Preferred Email Language
Enables a representative to set a language format preference from the enabled languages for email notifications sent to him or her.

     

12 

Embassy/Policy Name
Create a friendly name for this Embassy, session policy, or group policy.

   

13 

Code Name
Create a code name for integration purposes. If you do not set a code name, one will be created automatically.

     

14 

Persistent Queue
Allows support sessions to remain in this embassy's queue even if no representatives are available. A session transferred to this embassy queue will remain in the queue indefinitely until a team member or API operation handles the session.

       

15 

Embassy Users/Policy Members
Add users to this Embassy or group policy. Local users can be added individually, or users who authenticate against a security provider can be added individually or in groups.

     

16 

Group Policy Memberships
Listing of the group policies to which the user belongs, linking to the Group Policy page or the policies themselves.

       

17 

Support Team Memberships
Listing of the support teams to which the user belongs, linking to the Support Teams page or the teams themselves.

       

18 

Account Expires On
Causes the account to expire after a given date or to never expire.

 

19 

Last Authentication Date
The date and time when this user last logged in.

     

20 

Account Disabled
Disables the account so the representative cannot log in. Disabling does NOT delete the account.

 

21 

Comments/Description
Add comments about the account or policy.

22 

Availability: Users
This policy can be applied to users, embassies, and group policies.

       

23 

Availability: Rep Invite
This policy can be applied to invited representatives.

       

24 

Availability: Jump Clients
This policy can be applied to Jump Clients.

       

25 

Availability: Dependencies
The number of users, public portals, and Jump Clients that are using this policy.

       

26 

Is Administrator
Grants the representative full administrative rights.

     

27 

Allowed to set passwords
Enables the representative to set passwords and unlock user accounts for non-administrative local users.
   

28 

Allowed to Edit Jumpoints
Enables the representative to create or edit Jumpoints. This option does not affect the representative's ability to access remote computers via Jumpoint, which is configured per Jumpoint or group policy.

     

29 

Allowed to Change Display Names
Enables the representative to change his or her display names.

 

30 

Allowed to View Support Session Reports
Enables the representative to run reports on support session activity, viewing only sessions in which he or she was the primary representative, only sessions in which one of his or her teams was the primary team or one of his or her teammates was the primary representative, or all sessions.

     

31 

Allowed to View Support Session Recordings
Enables the representative to view Flash video recordings of screen sharing sessions, Show My Screen sessions, and command shell sessions.

     

32 

Allowed to View Presentation Session Reports
Enables the representative to run reports on presentation activity, viewing only presentations in which he or she was the presenter, only sessions in which one of his or her teammates was the presenter, or all presentations.

     

33 

Allowed to View the License Usage Reports
Enables the representative to run reports on Bomgar license usage.

     

34 

Allowed to Use Reporting API
Enables the representative's credentials to be used to pull XML reports via the API.

     

35 

Allowed to Use Command API
Enables the representative's credentials to be used to issue commands via the API.

     

36 

Allowed to Edit Public Site
Enables the representative to create and modify public site configurations, edit HTML templates, view the translation interface, etc.

     

37 

Allowed to Edit Customer Notices
Enables representatives to create and edit messages used to notify customers, as they are requesting support, of broadly impacting IT outages.

     

38 

Allowed to Edit File Store
Enables the representative to add or remove files from the file store.

     

39 

Allowed to Edit Canned Messages
Enables the representative to create or edit canned chat messages.

     

40 

Allowed to Edit Support Teams
Enables the representative to create or edit support teams.

     

41 

Allowed to Edit Issues
Enables the representative to create and edit issues.

     

42 

Allowed to Edit Skills
Enables the representative to create and edit skills.

     

43 

Allowed to Edit Bomgar Button Profiles
Enables the user to edit the default button or a customized Bomgar Button.

     

44 

Allowed to Edit Canned Scripts
Enables the user to create or edit canned scripts for use in command shell sessions.

     

45 

Allowed to Edit Access Sponsors
Enables the user to create or edit access sponsor teams.

     

46 

Allowed to Show on Public Site
Displays the representative's name on all public sites that have the representative list enabled.

 

47 

Allowed to Edit iOS Profiles
Enables the representative to create, edit and upload Apple iOS Profile content for distribution to iOS device users.

     

48 

Allowed to Provide Remote Support
Enables the representative to use the representative console in order to run support sessions. If support is enabled, options pertaining to remote support will also be available. This option is always enabled for embassies and embassy users. Disable setting for presentation-only representatives.

 

49 

Allowed to Generate Session Keys for Support Sessions
Enables the representative to generate session keys to allow customers to start sessions with him or her directly.

 

50 

Allowed to Generate Access Keys for Sending iOS Profiles
Enables the representative to generate access keys to offer iOS content to iOS device users.

 

51 

Allowed to Participate in the General Queue
Enables the representative to interact with other representatives in the general queue.

 

52 

Allowed to Manually Accept Sessions from a Team/Embassy Queue
Enables the representative to select and start sessions that are in one of his or her team queues.

 

53 

Allowed to Transfer Sessions to Teams Which They Do Not Belong To
Enables the representative to transfer sessions to teams other than his or her own. If disabled, representative interaction is restricted solely to the representative's assigned teams.

 

54 

Allowed to Transfer Sessions to Embassies
Enables the representative to transfer sessions to third-party Embassy team queues.

 

55 

Allowed to Share Sessions with Teams Which They Do Not Belong To
Enables the representative to invite a less limited set of representatives to share sessions, not only their team members or Embassy team members. Combined with the extended availability permission, this permission expands session sharing capabilities.

 

56 

Allowed to Share Sessions with Embassies
Enables the representative to share support sessions with one or more members of a third-party Embassy team.

 

57 

Allowed to Invite External Support Representatives
Enables the representative to invite a third-party representative to participate in a support session one time only.

 

58 

Allowed to Use the Get Next Session Feature
Enables the representative to start supporting the oldest queued session from all of his or her teams simply by clicking a button.

 

59 

Allowed to Enable Extended Availability Mode
Enables the representative to receive email invitations from other representatives requesting to share a session even when he or she is not using the Bomgar Representative Console.

 

60 

Allowed to Edit the External Key
Enables the user to modify the external key from the session info pane of a session within the representative console.

 

61 

Allowed to Opt Out of Session Assignments
Enables the representative to mark himself or herself as unavailable for sessions to be assigned using Equilibrium.

 

62 

Do Not Assign Sessions If the Representative is Participating In
Sets the least number of sessions the representative must be supporting before sessions will no longer be automatically assigned using Equilibrium.

 

63 

Do Not Assign Sessions If the Representative Has been Idle For
Sets the least amount of time the representative must have been idle before sessions will no longer be automatically assigned using Equilibrium.

 

64 

Allowed to Control a Computer Using Intel® vPro Technology
Enables the representative to support a provisioned vPro computer below the operating system level.

 

65 

Allowed to Connect to Computers on a Jumpoint's Network Using Remote Desktop Protocol
Enables the representative to use Bomgar to start a Remote Desktop Protocol (RDP) session with a computer on a remote network.

 

66 

Allowed to Show Screen to Other Representatives
Enables the representative to share his or her screen with another representative without the receiving representative having to join a session. This option is available even if the representative is not in a session.
 

67 

Allowed to Give Control When Showing Screen to Other Representatives
Enables the representative sharing his or her screen to give keyboard and mouse control to the representative viewing his or her screen
 

68 

Allowed to Deploy and Manage Bomgar Buttons in Personal Queue
Enables the representative to deploy and manage personal Bomgar Buttons. This setting affects deploying Bomgar Buttons from both the web interface and the representative console. To deploy a Bomgar Button from within a session, the Bomgar Buttons Deployment session permission must also be allowed.

 

69 

Allowed to Deploy Team Bomgar Buttons
Enables the representative to deploy team Bomgar Buttons for teams they are a member of. This setting affects deploying Bomgar Buttons from both the web interface and the representative console. To deploy a Bomgar Button from within a session, the Bomgar Buttons Deployment session permission must also be allowed.

 

70 

Allowed to Manage Team Bomgar Buttons
Enable the representative to modify the Bomgar Buttons deployed to teams they are a member of. If the representative is a team lead or manager, they can modify the personal Bomgar Buttons of any team members as well.

 

71 

Allowed to Change the Public Portal Associated with Bomgar Buttons
Enables the user to set the public portal through which a Bomgar Button should connect. Because session policies may be applied to public portals, changing the portal may affect the permissions allowed in the session.

 

72 

Allowed to Start Sessions from Jump Clients
Enables the representative to Jump to computers with Jump Clients installed.

 

73 

Allowed to Start Sessions from all Jump Clients within the system
Enables the representative to Jump to remote computers on all team and embassy queues.

 

74 

Allowed to Deploy, Remove and Modify Jump Clients in the Following Queues
Enables the representative to pin sessions, set groups, and add comments to Jump Clients only for his or her personal queue; for team and team members' queues; or for all queues, including those deployed to teams and embassies to which the user does not belong as well as to any representative's personal queue. This setting affects deploying Jump Clients from both the web interface and the representative console. To deploy a Jump Client from within a session, the Jump Clients Pinning/Unpinning session permission must also be allowed.

 

75 

Allowed to Change the Public Portal Associated with Jump Clients
Enables the user to set the public portal through which a Jump Client should connect. Because session policies may be applied to public portals, changing the portal may affect the permissions allowed in the session.

 

76 

Allowed to Change the Session Policy Associated with Jump Clients
Enables the user to set the session policy a Jump Client should use. Changing the session policy may affect the permissions allowed in the session.

 

77 

Allowed to Set Passwords on Jump Clients
Enables the representative to password-protect Jump Clients. Users with permission to modify all Jump Clients, regardless of team membership, can override passwords on individual Jump Clients.

 

78 

Allowed to Modify, Remove, and Start Sessions from Jump Clients without Entering a Password
Enables the representative to access password-protected Jump Clients without needing to know the password.

 

79 

Allowed to Use Shell Jump
Enables the representative to Shell Jump into a network device, provided that user also has access to a Jumpoint with Shell Jump enabled.

 

80 

Allowed to Jump on the Local Network without a Jumpoint
Enables the representative to Jump to an unattended system in the same LAN/VPN.

 

81 

Allowed to Give Presentations
Enables the representative to give presentations to one or more attendees.

     

82 

Allowed to Grant Control to a Presentation Attendee
Enables the representative to grant control of his or her computer to an attendee during a presentation. This setting affects only presentations and does not impact the Show My Screen feature of a support session. Only one attendee at a time can have control. The representative always maintains overriding control.

     

83 

Idle Timeout
Set how long the representative can be idle before being logged out of the representative console. This permission can use the site-wide setting or can override that setting.

 

84 

Attended and Unattended Session Permissions
Set the prompting and permission rules that should apply to this representative's sessions. Choose an existing session policy or define custom permissions for this user. If Not Defined, the global default policy will be used. These permissions may be overridden by a higher policy as described in Session Policies: Set Session Permission and Prompting Rules.

To use the same permissions for both attended and unattended sessions, check Use the same permissions for Unattended sessions. Uncheck this box to define attended and unattended permissions separately. You can also copy the permissions from one to the other.

 

85 

Prompting Rules
Choose to ask the customer permission to use any of the support features below. Select No Prompting to never prompt, Always Prompt to always prompt, or Prompt for Some Tools to choose which permissions to prompt for. If Prompt for Some Tools is chosen, a Prompt Customer option will appear beside each tool with the options to Never prompt or to Always prompt. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

86 

Allowed to Prompt Once
If Screen Sharing is set to View and Control and prompting is enabled, this option appears. Check the box to make the screen sharing prompt request access to all tools during the session, with no further prompts.

87 

Prompting Options
Set how long to wait for a response to a prompt before defaulting to the answer of Deny or Allow. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

88 

Screen Sharing
Enable the representative to view or control the remote screen. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

89 

Application Sharing Prompt Behavior
Set if a request for screen sharing should always or never prompt the customer to select applications to share, or if the representative can choose whether to prompt for application sharing or not.

90 

Allowed Customer Restrictions
Set if the representative can suspend the remote user's mouse and keyboard input. The representative may also prevent the remote user from seeing the active desktop.

91 

Allowed to show his/her screen to the customer
Enables the representative to share his or her screen with the customer during a support session.

92 

Browser Sharing
Enables the representative to browse the same web page the customer is viewing without having control or seeing other applications. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

93 

Annotations
Enables the representative to use annotation tools to draw on the remote user's screen. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

94 

File Transfer
Enables the representative to upload files to the remote system, download files from the remote system, or both. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

95 

Accessible Paths on Customer's Filesystem
Allow the representative to transfer files to or from any directories on the remote system or only specified directories.

96 

Accessible Paths on Representative's Filesystem
Allow the representative to transfer files to or from any directories on his or her local system or only specified directories.

97 

Command Shell
Enables the representative to issue commands on the remote computer through a virtual command line interface. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

98 

Allowed to Run Canned Scripts
Enables the representative to run canned scripts that have been created for his or her teams.

99 

System Info
Enables the representative to see system information about the remote computer. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

100 

Allowed to use system information actions
Enables the representative to interact with processes and programs on the remote system without requiring screen sharing. Kill processes; start, stop, pause, resume, and restart services; and uninstall programs.

101 

Registry Access
Enables the representative to interact with the registry on a customer's remote Windows system without requiring screen sharing. View, add, delete and edit keys, search and import/export keys.

102 

Elevation
Enables the representative to attempt to elevate the customer client to run with administrative rights on the remote system. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

103 

Bomgar Buttons Deployment
Enables the representative to deploy or remove a Bomgar Button while in a session. Locations available for deployment depend on the Bomgar Button settings above. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

104 

Jump Clients Pinning/Unpinning
Enables the representative to pin or unpin a Jump Client while in a session. Locations available for deployment depend on the Jump Client settings above. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

105 

Chat
Enables the representative to chat with the end-user. If Not Defined, this option will be set by the next lower priority policy. This setting my be overridden by a higher priority policy.

106 

Allowed to Push URLs to the Customer's Web Browser
Enables the representative to enter a URL into the chat area and then click the Push URL button to automatically open a web browser to that address on the remote computer.

107 

Allowed to Send Files Using the Chat Interface
Enables the representative to send files via the chat interface.

108 

Skills
Designates the skills assigned to this representative. When using skills match for Equilibrium, sessions will be assigned to the representative best skilled to handle a particular issue.

     

109 

Login Schedule
Create schedules to define when representatives can log into the console. If, for instance, the time is set to start at 8 am and end at 5 pm, a representative can log in at any time during this window but may continue to work past the set end time; he or she will not, however, be allowed to log back in after 5 pm. If stricter access control is required, check Force logout to force the representative to log out at 5 pm. In this case, the representative will receive recurring notifications 15 minutes prior to the automatic logout, and any owned sessions will follow the session fallback rules. Multiple time windows can be configured and set for any time zone.

 

110 

Support Teams
Designates the teams to which representatives in this group should be added. If a representative is in another group that adds representatives to a team but you do not want representatives in this group to be on that team, set this policy to remove representatives from that team. Representatives added manually to a team cannot be removed via group policy.

       

111 

Jumpoints
Designates Jumpoints to which representatives in this group or embassy have access.

For group policies only, if a representative is in another group that gives access to a Jumpoint but you do not want representatives in this group to have access to that Jumpoint, set this policy to remove representatives from that Jumpoint. Representatives added manually to a Jumpoint cannot be removed via group policy.