Assigning Provider Permissions for Client Actions
Overview
Callisto (version 20-02 and later) provides client actions, and collection editing administrative actions. The ability of a Callisto user to access these functions depends on three criteria:
- The Callisto Application Pool account must have a security role assigned in the Configuration Manager console
- The Callisto user must have been granted permissions to the relevant actions in the Callisto Administration node
- The Callisto user needs to be able to see the specific devices they might want to use these actions against in the Callisto pages.
Assigning the Callisto App Pool account a Configuration Manager security role
To satisfy point 1 above there are a few options. If the Callisto site is running on the Configuration Manager server, there should be no additional actions required.
If Callisto is on a remote server refer to this article to grant the relevant permissions in Configuration Manager
Assigning Callisto privileges to access client actions and collection modification and device affinity rights
The Callisto Administrator node allows you to grant rights to individual users or specific roles for console actions and collection features. Browse to the Callisto Administrator Node and edit the role or user you wish to grant rights to.

The top-level Actions permission area allows you to grant and deny access to actions on a granular level.
These permissions can be set for a Role (as shown here) and then any user with that role with inherit them, but they can then be further overridden at the user level if required (to add or remove inherited rights).