Client devices are assigned a specific role corresponding to a job function in enterprise organizations. Each role has a set of permissions to execute certain operations associated with that role. Once the client device is assigned a role, there is no provision to automatically and dynamically restrict the client device to a less privileged role when the client device starts to misbehave. This handicap can negatively influence the productivity of the enterprise organization due to the client device continuing to misbehave in the assigned role.