Understanding Role Privileges in Apple Business Manager

18th February 2021
Apple devices for ABM

The various role levels in Apple Business Manager make it simple for your workers to have the right permissions for their job.

Understanding role privileges in the ABM portal will make it easy to give the right control to the right people.

Having set up your company’s Apple IDs and assigned them to your employees, you can then customise these ID with roles.

Since role privileges are assigned by location, you can actually give the same user different roles in different locations, which can be useful for your business operations. If you have multiple offices, you can delegate roles based on all your different locations.

What are the Benefits of Role Privileges in Apple Business Manager?

Apple Business Manager has many advantages. By using role privileges correctly, your managers can be effective in ordering and deploying devices, assigning apps and content, restricting functions etc.

Roles prevent staff from personally configuring their corporate devices too much or downloading certain apps.

Managing roles correctly not only makes operations more efficient, but it also helps to make your business more secure. Staff can be prevented from using certain applications or making changes on company-owned devices.

What Roles Are Available in the ABM Portal?

Top level control is for the Administrators of your Apple Business Manager account.

There are also other roles, including:

  • People Manager
  • Device Enrolment Manager
  • Content Manager
  • Staff

Staff are basic level users, and they can use managed devices, sign into iCloud with their managed Apple ID, and use the managed apps and content that higher roles will have assigned to their devices.

While roles can be customised, all come with certain access and permissions automatically.

Content Managers

Content Managers can do everything that staff level users can do but have some additional permissions too.

They can configure content settings, for example, buying content or reassigning licenses for apps.

By default, they cannot manage device settings, such as managing MDM servers or removing devices. They also cannot grant other users different roles or change their status. They have no editing access to your organisation’s settings.

Device Enrolment Managers

Device Enrolment Managers can add, assign, remove, or release devices in the ABM portal, as well as managing MDM servers. They cannot manage content licenses.

People Managers

People Managers can create, edit, and delete managed Apple IDs in the company ABM portal.

They can help manage employee access and privileges by assigning and changing other users’ roles, statuses, and resetting passwords.

People Managers also have additional privileges, including configuring federated authentication, creating and editing locations and setting the default managed Apple ID username format.

They cannot manage devices or content licenses.


Admins have full control of all settings in your ABM portal. They can do everything that staff, People Managers, Device Enrolment Managers, and Content Managers can do and have additional privileges. Admins can set up and accept the terms and conditions of the company’s ABM portal.

As you can see, the additional roles and associated privileges allow directors to easily delegate certain responsibilities to their heads of department without releasing too much control.  

How to Assign Roles in Apple Business Manager

Luckily, assigning roles in Apple Business Manager is straightforward and you can customise the permissions and access that your users require.

Only Admins and People Managers can act upon other users’ roles.

To assign new roles:

Step 1) Sign into your ABM portal with an Admin level account or a People Manager level account.

Step 2) In the sidebar, select ‘Accounts’.

Step 3) Search for the user whose role permissions you would like to edit. You can search with filters such as ‘email domain’, ‘date added’, ‘current role’, ‘location’, etc.

Step 4) Having found the desired user account, simply select it from the list.

Step 5) Tap the edit icon, which looks like a pencil.

Step 6) Choose the new role.

Step 7) Click Save.

To add a new Administrator, you must carry out the following steps:

Step 1) Sign into your ABM portal using an Admin level account.

Step 2) In the sidebar, select ‘Accounts’.

Step 3) Click the + symbol.

Step 4) Enter the following info for the new Admin:

  • First and last name
  • Role and location
  • Email address
  • Managed Apple ID

Step 5) Click save and you will have a new Admin.