Limit custom technician access to specific device groups in HexnodeSolved

Participant
Discussion
3 days ago Jul 03, 2026

I’m setting up a custom technician role for non-admin users. I can assign permissions for individual actions, but I’m stuck on the scope part.

The requirement is for the technician to view device groups and perform actions only on devices in certain custom device groups, without giving broader admin access. Ideally, the user should be able to view the dashboard, manage devices, change device owner, and add devices to device groups.

Is it possible to do this with Global scope, or do I need to select each custom device group under the technician scope?

Replies (3)

Marked SolutionPending Review
Hexnode Expert
3 days ago Jul 03, 2026
Marked SolutionPending Review

Hello @mo-chou ,

Yes, this can be configured by combining a custom Technician Role with a restricted Scope. In Hexnode UEM, the role controls what actions a technician can perform, while the scope controls where those actions can be performed. To restrict a technician to specific custom device groups:

Step 1: Create a Technician Profile

  1. Navigate to Admin > Technicians and Roles and select the Profile sub-tab.

  2. Click Create New Profile and provide a suitable Profile Name.

  3. Go to the Role tab and assign the necessary custom role.

  4. Switch to the Scope tab, select Device Groups from the left pane, and click + Add Device Groups.

  5. Select the required Custom Device Groups from the list and click Okay.

  6. Click Save in the top-right corner to finalize the profile.

Step 2: Assign the Profile to the Technician

  1. Switch back to the Technicians tab.

  2. Add a new technician or edit an existing technician account.

  3. Scroll down to the Assign Profile section.

  4. Use the Choose Profile dropdown menu to select the newly created profile.

  5. Click Save to apply the configuration.

Once this is configured, the technician will only be able to view and act on devices that fall within the selected device groups, based on the permissions allowed in the assigned role.

Regards,
Simon Scott
Hexnode UEM

Marked SolutionPending Review
Participant
7 hours ago Jul 06, 2026
Marked SolutionPending Review

So if I use Global scope, can I still limit them to only certain custom groups through the role permissions? I was hoping to avoid selecting every group manually.

Marked SolutionPending Review
Hexnode Expert
4 hours ago Jul 06, 2026
Marked SolutionPending Review

No. Global scope is not meant for limiting access to selected custom device groups.

If Global scope is applied, the technician’s access is evaluated globally according to the permissions allowed in the associated role. The role can define actions such as access to device management options, but it does not replace scope-based restrictions for specific device groups.

For group-based visibility and management, the custom device groups must be selected under the technician’s Scope. This is the recommended way to allow a non-admin technician to manage only a specific set of devices while keeping the rest of the portal restricted.

Save