There are four privilege levels that can be assigned to a local account, which correspond to different user roles for Director administration:
Privilege level 1 = Read-only role. You can view Director logs and the results of commands, but cannot change them. Read-only users can access Directory only via the CLI.
Privilege level 7 = Read-only and Execute role. You can perform one-time tasks, such as executing a profile or an overlay on a device, bit cannot make any configuration changes such as scheduling tasks, creating profiles, or configuring devices or device groups.
Privilege level 10 = Delegated Admin role. You can create, block and allow lists of URLs and categories for content filtering policy. Devices access and task performance is limited: only assigned content policy overlays can be executed on assigned target devices.
Note: Privilege level 10 cannot be set directly via the username command. It is set by assigning the role delegated-admin.
Privilege level 15 = Admin role. This is the default level for new accounts. You can schedule jobs, manage content, and manage users. You can also make permanent changes to Director configuration. If the privilege level is changed during a session, the new privileges take effect immediately.