Home / Knox Asset Intelligence / How-to guides /

Manage admins and roles

Last updated November 19th, 2025

The Administrators & Roles page allows you to invite other admins in your organization to help manage your Knox Asset Intelligence data. When inviting other admins to Knox Asset Intelligence, you can choose to grant them view only access to your data, full access to all features, or bespoke access to specific features using a custom Role.

Manage admins

As Knox Asset Intelligence is part of Knox Suite, the process for adding and managing admins is the same for all Knox Suite products. You can manage Knox Asset Intelligence admins through the Knox Admin Portal’s common Administrators & Roles page. See the Knox Admin Portal’s documentation for additional details.

Manage roles

A Role is a set of permissions that you assign to an admin. By default, the main account holder that signed up for the Knox account is granted the Super admin role, which grants them full access to every feature in Knox Asset Intelligence and all other Knox cloud services.

Only one Super admin can exist for an account.

When you invite another admin to Knox Asset Intelligence, you can choose to either grant them one of the built-in roles (Viewer or Sub Admin), or create a new role that consists of custom permissions.

invite KAI admin role choices

Here’s an explanation of the available role options:

  • Viewer — When assigned this pre-built role, the admin can view the dashboard, devices, licenses, and activity log pages, but all other pages and functions are disabled.
  • Sub Admin — When assigned this pre-built role, the admin can view all data and perform all functions that the Super admin can perform, including deleting other admins, however they cannot delete the Super admin.
  • Custom role — This role must be created in the console. When creating a custom role, you can specify which dashboard insights and pages, and which functions the admins have access to. You can more than one custom role in the system, but each role must have a unique name.

Create a custom role

To create a custom role for your Knox Asset Intelligence admins, do the following:

  1. Click the Roles tab, then click CREATE ROLE near the top-right corner.
  2. On the Create role page, select Knox Asset Intelligence in the Service field.
  3. Give the role a unique name and option description.
  4. In the right panel, assign your custom permissions for the role.

Configure role permissions

The following section describes each of the role permissions unique to Knox Asset Intelligence.

Data access

The Data access permission group controls access to certain dashboard insights and features. You must select at least one permission in this group. The following table describes each Data access permission and its affected dashboard insight or feature:

Permission Description Notes
Diagnostics Admins can view the Diagnostics page. If you also want to let admins request a log or snapshot, you must also grant permission for Devices and Uploads > Manage devices > Accept, reject, …request debug log….
Apps Admins can view Apps dashboard insights. If you also want to let admins show or hide dashboard insights and change data upload settings, you must also grant permission for Dashboard > Manage dashboard view and data collection.
Network Admins can view Network dashboard insights. If you also want to let admins show or hide dashboard insights and change data upload settings, you must also grant permission for Dashboard > Manage dashboard view and data collection.
Battery Admins can view Battery dashboard insights. If you also want to let admins show or hide dashboard insights and change data upload settings, you must also grant permission for Dashboard > Manage dashboard view and data collection.
Location Admins can view the Location dashboard. If you also want to let admins use the Find asset and Get latest location features, you must also grant permission for Dashboard > Manage dashboard view and data collection.
Security Admins can view the Security center. If enabled, admins can also show or hide the Security center in dashboard Settings > Customize tab.
System Admins can view System insights like Storage, RAM, and CPU usage. If you also want to let admins show or hide dashboard insights and change data upload settings, you must also grant permission for Dashboard > Manage dashboard view and data collection.
Miscellaneous Admins can view the miscellaneous dashboard insights related to Knox Service Plugin. If you also want to let admins show or hide these dashboard insights, you must also grant permission for Dashboard > Manage dashboard view and data collection.

Dashboard

The Dashboard permission group allows admins to control data collection rules and show or hide insights on the dashboard. The following table describes each permission:

Permission Description
View only Admins can only view the dashboard insights permitted in the Data access permissions group.
Manage dashboard view and data collection Admins can show/hide dashboard insights and change data upload settings for all features in the Data access permission group.

Enabling the Manage dashboard view and data collection permission grants total control of data conditions and thresholds for dashboard insights, even if the admin doesn’t have access to an insight in the Data access permission. For example, if the admin does not have Network permission in Data access, granting this permission would still allow them to change data upload rules for network insights, like disabling the collection of Mobile/Wi-Fi data, even if they can’t view the actual network insight on the dashboard.

Devices and uploads

The Devices and uploads permission group allows admins to perform device actions and manage device groups. The following table describes each permission:

Permission Description
View only Admins can view the Devices page, but not take any actions.
Manage devices > Accept, reject, upload… Admins can perform all available actions in the ACTIONS dropdown menu on the Devices page.
Manage devices > Delete devices Admins can delete devices from the account.
Manage devices > Manage groups Admins can create, edit, and delete device groups.

Licenses

The Licenses permission group allows admins to perform actions on the Licenses page. The following table describes each permission:

Permission Description
View only Admins can view the Licenses page, but not take any actions.
Manage devices > Manage licenses Admins can perform all available actions in the ACTIONS dropdown menu on the Licenses page.
Manage devices > Delete devices Admins can delete licenses from the account.

Activity log

This permission allows admins to view the Knox Asset Intelligence activity log.

Permission Description
View activity log Admins can view the Activity log page, but not take any actions.

Administrators and Roles

Permission Description
Invite and manage administrators Admins will have access to the Administrators page, allowing them to invite, deactivate, reactivate, and revoke other Knox Asset Intelligence admins. Note that an admin with this permission can the assigned roles for other admins. Practice caution when assigning this role.
Manage roles Admins will have access to the Roles page, allowing them to create, edit, and delete other roles. Note that an admin with this permission can change their role to include other permissions that you may not have granted. Practice caution when assigning this role.

Reporting

Permission Description
Manage reporting settings Admins can modify the email alert settings for Knox Asset Intelligence in the Knox Admin Portal account Settings page.
Receive emails for company-level alerts Admins can receive email alerts for company-wide events triggered whenever devices reach a dashboard reporting threshold. If you also configured a device group, assigned a group manager, and the group manager is the one receiving this permission, then they will receive threshold-triggered email alerts for the entire company, even if they are only managing a specific subset of devices in a group.

On this page

Is this page helpful?