Role privileges in Apple Business Manager
Each role consists of a set of privileges and it affects all accounts that have that role. Staff roles have very limited privileges, manager roles have more, and administrators have the most.
Basic privileges
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Accept terms and conditions | Required | Always off | Always off | Always off |
Edit privileges for other roles | Required | Required | Always off | Always off |
Transfer app and book licenses between locations | Required | Always off | Always off | Always off |
Add Apple customer numbers and Reseller IDs | Required | Always off | Always off | Always off |
Set tax status information | Required | Always off | Always off | Always off |
Configure organization settings, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Create, edit, and delete locations | Required | Required | Always off | Always off |
Set the default Managed Apple ID user name format | Required | Required | Always off | Always off |
Manage device settings, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Manage MDM servers | Required | Always off | Required | Always off |
Add, assign, and remove devices | Required | Always off | Required | Always off |
Other basic privileges, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Use managed devices | Required | Required | Required | Required |
Use managed apps and books | Required | Required | Required | Required |
Sign in to iCloud.com with a Managed Apple ID | Required | Required | Required | Required |
People privileges
Manage Managed Apple IDs, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Create, edit, and delete Managed Apple IDs | Always on | Always on | Always off | Always off |
Assign roles to users | Always on | Always on | Always off | Always off |
Change account status of users | Always on | Always on | Always off | Always off |
Privileges to reset passwords and generate verification codes, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Reset passwords | Always on | Always on | Always off | Always off |
Content privileges
Configure content settings, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager |
|---|---|---|---|---|
Buy apps and books | Always on | Always off | Always off | Always on |
View App and Book Store | Always on | Always off | Always off | Always on |
Privileges to manage apps and books, as shown in the following table:
Privilege | Administrator | People Manager | Device Manager | Content Manager | Manager |
|---|---|---|---|---|---|
Reassign licenses for apps and books | Always on | Always off | Always off | Always on | Always on |
Hold unassigned licenses for apps and books | Always on | Always off | Always off | Always on | Always on |