User roles and permissions These are the predefined roles and the permissions for your organization. You can also use these permissions when you create a new role or change a role’s permissions. Predefined roles By default, the following roles are predefined and cannot be changed: Organization Owner The owner of the Kobiton account is given all user permissions. This role can only be transferred to another user by the current Organization Owner. ADMIN The ADMIN role must be assigned by the Organization Owner or another ADMIN. ADMINs are given all user permissions and permissions to manage all devices in the organization in the settings. MEMBER Every user invited to your organization is assigned the MEMBER role and given the following permissions: system.login system.logout app_repo.view_all_application Permissions System Permissions system.login Allows a user to log in to Kobiton. Always required. system.logout Allows a user to log out of Kobiton. Always required. App Repo app_repo.delete_other_application Allows a user to delete public apps in the app repository. If app_repo.view_all_application is also assigned, the user can delete private apps. app_repo.upload_application Allows a user to upload and rename any apps they previously uploaded. app_repo.view_all_application Allows a user to view all apps in the app repository, including private and locked apps. Devices device.custom_device_name Allows a user to create custom device names. device.tag_devices Allows a user to create device tags. Org Management org_management.modify Allows a user to manage all teams, roles, users, and device bundles. Settings org_setting.modify Allows a user to manage all organization settings, including cleanup policies, integrations, configurations, and more. org_setting.modify_machine_location Allows a user to edit the location of a Mac mini host via the Device Management page. org_setting.modify_security_banner Allows a user to change the portal login message. org_setting.modify_sso_setting Allows a user to manage all Single-Sign On (SSO) authentication settings. org_setting.reboot_private_device Allows a user without the ADMIN predefined role to restart assigned devices from the manage device page. Sessions session.modify_other_session Allows a user to change session details and delete sessions. session.terminate_other_session Allows a user to end another user’s test session. session.view_all_session Allows a user to view all test sessions. Softbook soft_book.terminate_other_soft_book Allows a user to remove the retention of any device by any user. Subscriptions subscription.modify_subscription Allows Admins to manage subscriptions on self-serve plans. This permission is not assigned to the ADMIN predefined role.