Announcement

Collapse
No announcement yet.

Roles & Permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Roles & Permissions

    It would be great to be able to create user roles to restrict certain permissions to senior staff:
    - Restrict File Transfer & Shell Execute from the session tools
    - Restrict Deleting (company/site/device/job/procedure/policy)
    - Restrict Creating Procedures
    - Restrict Unattended Access
    - Restrict running certain Procedures/Jobs (ex. admin only tasks)

  • #2
    Hi,

    Yes, Role Based Administration is on roadmap and your list is noted as well.

    Ilker

    Comment


    • #3
      What other features / actions do you see should be limited per role?

      On RMM / On service Desk / On Patch Management?

      Comment


      • #4
        I've only went through RMM so far, but generally, there might be 3 levels:
        1. Standard technician who just uses what's available and requests remote support from the customer (no shell execute, can't create/edit/delete, possible to edit company/site name/description)
        2. Advanced technician who can create/edit procedures/policies, but not delete. Audit trail becomes important, so it edits can be saved as revision history copies; at the moment, we have to create a copy and delete the existing one, and then figure out if it's being used elsewhere and do the same there (ex. a procedure in a job). Instead, you can give the procedure and ID and keep the previous copies as revision history, but the system always uses the latest version (like Google Docs revision history).
        3. Admin who can also delete. Delete is usually the most dangerous thing and normally should be avoided (and audited).

        On the other hand, procedures and jobs can have similar levels on who can run them (or see them). Note that a job can contain a high level procedure, but yet, it can be allowed to be used by any level.

        Ability to assign/restrict technicians to companies/sites would be great. This means that the technician will only see alerts from the assigned devices.

        So, introducing "Groups" might be a good idea, especially dynamic groups (windows servers, Linux, Mac computers, machines with certain software like certain antivirus/backup/AutoCAD/accounting/ ...) which simplifies assigning expertise as necessary.

        Comment

        Working...
        X