We’ve got regional IT teams and I’m trying to separate things properly in Hexnode.
Right now, everyone can see the full device list. I was thinking of creating separate roles for North and South teams.
Would that be enough to stop them from seeing each other’s devices?
28 Views
Not by itself, @vance_j .
Roles mainly control what actions they can perform — like wipe, lock, manage apps, edit policies, and so on.
If you only split roles, they might still see the entire fleet. To actually limit which devices they can see, you need to configure the scope.
So, roles don’t control visibility?
Not fully.
Think of it this way:
Role = what they’re allowed to do
Scope = which devices those permissions apply to
You can give two techs the same role, but if one is scoped to “North Devices” and the other to “South Devices,” they’ll only see their assigned groups.
We made this mistake early on.
Created region-based roles, thought we were done. Logged in as a regional tech and… still seeing everything 😅.
Had to go back and restrict by device groups under scope.
One tip: make sure your regional device groups are clean before applying scope.
If the group structure is messy, the visibility will be messy too.
Got it. So separate roles if needed, but scope is what actually hides devices.
That clears it up.
Don't have an account? Sign up
