The Scopes page defines visibility of certain types of user-defined data objects throughout the VSA. For example, a user could see some machine groups, but not be able to see other machine groups. Once a scope has made a data object visible to a user, the functions the user can perform on that data object are determined by user role. Scopes enables VSA users responsible for user security to create different scopes of data objects and assign them to different populations of users.
Note: A user logs on with both an assigned role (the functions they can perform) and an assigned scope (the data they can see). Membership in a role and membership in a scope are independent of each other.
Users can also be assigned to scopes using the System > Users > Scopes tab.
Scope Data Objects
For the initial release of Kaseya 2, there are five types of data objects that can be assigned to scopes. Each are defined outside of scopes before being assigned to scopes.
- Organizations - Organizations are a new type of record in Kaseya 2. An organization is typically a customer but not necessarily only customers. An organization record contains certain general information, such as its name and address, number of employees and website. An organization also defines a hierarchy of additional information, as illustrated below, representing all the machine groups and personnel within that organization. Organizations are defined using System > Orgs/Groups/Depts > Manage.
- Machine Groups - Machine groups are groups of managed machines. If you've worked with Kaseya 2008, then machine groups behave the same way in Kaseya 2. The only difference is that machine groups are defined by organization. Machine Groups are defined using System > Orgs/Groups/Depts > Manage > Machine Groups.
- Machines - A managed machine is a computer with an agent installed on it. Each machine has to belong to a machine group. You create them the same way they are created in Kaseya 2008, typically using the Agents > Deploy Agents function.
- Departments - Departments are a new type of record in Kaseya 2. A department is a division within an organization. Staff members of an organization are assigned to a department. Departments are defined using System > Orgs/Groups/Depts > Manage > Departments.
- Service Desk - A service desk is a new type of record in Kaseya 2. It defines all of the functionality required to process tickets using the new Service Desk module. The Service Desk module is a greatly enhanced replacement for the Ticketing module. Service Desks are defined using Service Desk > Configure > Service Desk Definitions.
The parent-child relationships between data structures affect how scopes are maintained.
Assigning any parent record to a scope implicitly assigns all child records to that same scope. For example, assigning an organization to a scope includes the following in that same scope:
- Child organizations.
- Machine groups of the organization and any child organizations.
- Machines of the machine groups in that organization and any child organizations.
- Departments in the organization and any child organizations.
The only way to include a top level organization in a scope is to manually add it to that scope, because no parent record exists to include it. This is called explicit assignment. You can also explicitly assign a lower level object in scope, but only if the lower level object is not already assigned implicitly to the scope through its parent. For example, you could include a machine group explicitly, without adding the machine group's parent organization. You can also explicitly include individual machines and departments in a scope without including their parent records.
All in Scope
The Scopes function provides an All in Scope button, when appropriate. The button displays a window that lists all records in a particular Scope tab, regardless of whether records are assigned implicitly or explicitly.
See System > Users for a discussion of the
You can perform the following actions in the middle pane of Roles:
- New - Create a new scope.
- Rename - Rename the scope.
- Delete - Delete the selected scope. All VSA users must be removed from a scope before you can delete it.
Each tab provides the following actions:
- Assign - Assigns access for a data structure to a scope.
- Remove - Removes access for a data structure from a scope.
- All in Scope - Displays only on the Organizations, Machine Groups, Machines and Departments tabs. Clicking the All in Scope button on a tab displays a new window listing all data structures of that tab type in the scope, whether defined explicitly or implicitly.