Role privileges in Apple Business Manager
In Apple Business Manager, each role consists of a set of privileges and it affects all accounts that have that role. Staff roles have very limited privileges, manager roles have more, and administrators have the most.
View a role
In Apple Business Manager
, sign in with an account that has the role of Administrator or People Manager.Click Roles in the sidebar, then select a role.
View the role and a list of the privileges associated with it.
Click
to view individuals who hold that role.
Basic privileges
Privilege | Administrator | People Manager | Device Enrollment Manager | Content Manager |
|---|---|---|---|---|
Accept terms and conditions | Always on | Always off | Always off | Always off |
Edit privileges for other roles | Always on | Always on | Always off | Always off |
Add Apple customer numbers and Reseller IDs | Always on | Always off | Always off | Always off |
Use managed devices | Always on | Always on | Always on | Always on |
Sign in to iCloud.com with a Managed Apple ID | Always on | Always on | Always on | Always on |
Use managed apps and books | Always on | Always on | Always on | Always on |
Administer AppleSeed for IT | Always on | Off by default | Always off | Always off |
Participate in AppleSeed for IT | Always on | On by default | On by default | On by default |
For more information on AppleSeed for IT, see the AppleSeed for IT website.
Configure organization settings, as shown in the following table:
Privilege | Administrator | People Manager | Device Enrollment Manager | Content Manager |
|---|---|---|---|---|
Configure federated authentication | Always on | Always on | Always off | Always off |
Create, edit, and delete locations | Always on | Always on | Always off | Always off |
Set the default Managed Apple ID user name format | Always on | Always on | Always off | Always off |
People privileges
Manage people privileges as shown in the following table:
Privilege | Administrator | People Manager | Device Enrollment Manager | Content Manager |
|---|---|---|---|---|
Create, edit, and delete Managed Apple IDs | Always on | Always on | Always off | Always off |
Assign roles to users | Always on | Always on | Always off | Always off |
Change account status of users | Always on | Always on | Always off | Always off |
Reset passwords | Always on | Always on | Always off | Always off |
Content privileges
Configure content settings, as shown in the following table:
Privilege | Administrator | People Manager | Device Enrollment Manager | Content Manager | |
|---|---|---|---|---|---|
Buy content | Always on | Always off | Always off | Always on | |
View content | Always on | Always off | Always off | Always on | |
Reassign licenses for apps and hold unassigned licenses for apps | Always on | Always off | Always off | Always on |
Device privileges
Manage device settings, as shown in the following table:
Privilege | Administrator | People Manager | Device Enrollment Manager | Content Manager |
|---|---|---|---|---|
Manage MDM servers | Always on | Always off | Always on | Always off |
Add, assign, and remove devices | Always on | Always off | Always on | Always off |
Release devices | Always on | Always off | Always on | Always off |
Staff privileges
Configure staff settings, as shown in the following table:
Privilege | Staff | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Use managed devices | Always on | ||||||||||
Sign in to iCloud.com with a Managed Apple ID | Always on | ||||||||||
Use managed apps and books | Always on | ||||||||||
Participate in AppleSeed for IT | On by default | ||||||||||