|System and Tiered Administrators / Tiered Administrators|
Like all permissions, tiered administration permissions can be associated with any group. However, Vocera recommends that you create dedicated groups just for tiered administration permissions, so you can clearly see which users have these permissions at a glance.
If you are going to implement tiered administration permissions, Vocera suggests that you set up one group for each permission, and then assign users to the groups necessary to grant them the proper set of permissions.
For example, you could create the following groups and assign each group its respective tiered administration permission:
Tiered Admin-Add Edit Delete Users
Tiered Admin-Edit Users
Tiered Admin-Add Edit Delete Temporary Users
Tiered Admin-Add Edit Delete Address Book Entries
Tiered Admin-View Users and Groups
Tiered Admin-Perform System Device Management
Groups such as the ones above sort together in the Administration Console and are clearly labeled, so they are easy to maintain.
Avoid assigning multiple tiered administration permissions to a single group such as View and Add Edit Delete Users, even if you only have one set of tiered administrators who all have the same permissions.
As your deployment grows, and your needs change, you may require tiered administrators with various sets of permissions, and several groups that each have multiple tiered administration permissions are difficult to maintain. Creating several groups, each with a single tiered administration permission as described above, is the best practice.