I had briefly touched upon Device Security in one of my earlier posts: in particular, the privileges needed for using the DeviceConnection methods.  In this post, I will elaborate more on the same:

1) If you are performing a DeviceConnection operation that can potentially change the device (such as  DeviceConnection.SetProperty()), the caller should have administrative privileges on the device.  Having administrative privilege on a device means that at least one of the following should be true:

a) The caller is a member of the builtin administrators group on the server (OR)
b) The caller's account is a member of the device's custom administrator list (To view/modify this using RFID Manager, right click on a device -> Security).  Note that in addition to being in the custom administrators list of the device, this account also should be added to the RFID_USER group on the server machine.

2) If you are performing a DeviceConnection operation that cannot change the state of the device (such as DeviceConnection.GetProperty()) or DeviceConnection.PrintTag()), the caller does not require administrative privileges.  Any account in the RFID_USER group on the server machine should be able to perform such operations.

Here's the full list of DeviceConnection methods and the information on whether it requires administrative privileges:

Note: If you are using DeviceManagreProxy.ExecuteCommandForConnection(), the same security model described above applies exactly to it as well.  However, I would strongly recommend using DeviceConnection for such operations instead of DeviceManagerProxy.  (DeviceConnection internally goes through DeviceManagerProxy).