If required, we can add the company logo and change fonts using the other tabs.
If we are going to create a role that suits our company needs we are looking to create two roles: a junior helpdesk role and a senior helpdesk role. You might recall from the table under the PIN-to-PIN messages section that the two roles mentioned are pre-configured roles within the BES environment, so why would we need to re-create these two roles?
The reason is that if we are going to use groups in our BlackBerry organization to make admin tasks and management easier, we need to be aware that when we use the two default roles, they by nature have the ability to add themselves to groups, which could have higher, more elevated permissions than you would expect.
For example, if we create a group called Senior Helpdesk, which has the default senior role assigned to it, then add the following administrative user accounts to it: Tim and Jo.
We then create a Junior Helpdesk group, which has the default junior role assigned to it and add our two junior administrative accounts to the group: Tom and Harry.
When Tom or Harry log on to the BlackBerry Administration Service they could add themselves to the Senior Helpdesk group, because by nature the Junior Helpdesk role has the ability to grant access to groups!
So I would prefer to create my own groups, roles, and administrative users from scratch as shown next.
We have the option of creating the role from fresh or we can copy an existing role and change the permissions we need for our organization. For our Junior Admin role, we are going to copy the Junior Helpdesk Administrator role and modify it, so members of it cannot elevate themselves to higher levels of permissions (when we use groups in our organization to carry out administrative tasks).
Next, we are going to create a group called Junior Admins
and assign it the role we have just created. We envisage in our network that there will be several Junior Admins; therefore having a group will make our management easier.
Junior Admins
and a description and click on Save.Next, we are going to create our administrative users — who have just joined our company as junior admins.
Howard
.So to recap on the above, when you create an administrative user you need to assign the user a role to start with. It is always advisable to assign the user the role with the least permissions to start with. The user can then be placed in appropriate groups, bearing in mind that a user can belong to more than one group. If this happens then the user is given the least restrictive role.
There are two more aspects we would like to set from the off on our BES, one is the Enterprise policy as discussed earlier in the chapter and also the ability to limit BlackBerry Messaging to our corporate network. We will look at activating the Enterprise policy first, remembering that it is a whitelist of devices that are allowed to join our BlackBerry infrastructure.
18.118.128.105