Next Topic

Previous Topic

Book Contents

User Roles

System > User Security > User Roles

The User Roles page creates and deletes user roles. User roles determine what functions a user can access using the Access Rights tab. VSA users can belong to one or more VSA user roles. Each user role must be assigned to one or more user role types, which can be changed using the Role Type tab. The following policies are assigned by user role:

  • Access to the entire VSA by weekday and hour using System > Logon Hours
  • Remote control user notification using Remote Control > User Role Policy
  • Field permissions for editing tickets in Ticketing > Edit Fields and Service Desk > Preferences by Role

In addition, sharable objects—such as procedures, reports, monitor sets and agent installation packages—can be shared by user role.

Note: A VSA user logs on with both a user role (functions they can perform) and a scope (scope data objects they can see).  Membership in a user role and a scope is independent of each other.

Note: VSA users can also be assigned to user roles using the System > Users > Roles tab.

Warning: Restrict access to User Roles and Machine Roles for all roles except roles responsible for administrating function access.

Master User Role

See System > Users for a discussion of the Master user role.

Middle Pane

You can perform the following actions in the middle pane of Roles:

  • New - Create a new role.
  • Copy Permissions - Copy the access rights to the selected role from any other role.
  • Rename - Rename the role. Role names can only be all lower case.
  • Delete - Delete the selected role. All VSA users must be removed from a role before you can delete it.

Members

The Members tab displays which VSA users are assigned to the role selected in the middle pane.

  • Click the Assign and Remove buttons to change the role VSA users are assigned to.
  • Sort and filter the VSA users listed in the Members page.

Access Rights

The Access Rights tab in the System > User Roles page determines what functions VSA users belonging to a selected role can perform. For example, access rights can include whether or not a user can open, add, edit or delete a particular record.

Note: Scopes determine whether a user can see certain user-created data structures displayed in the VSA. Roles determine access rights to the functions that act on those data structures.

A navigation tree provides access to each module, folder, item, and control in the VSA.

  • Click the or icons next to any item in the tree to display or hide child branches of that item.
    • A checked item means a role provides access to that item.
    • A unchecked item means a role does not have access to that item.
    • Click Expand All to expand the entire tree.
    • Click Collapse All to collapse the entire tree.
  • Click Set Role Access Rights to change access rights for a role.
    • Checking or clearing any checkbox sets the same state for any child items.
    • Click Enable All to enable all items.
    • Click Disable All to disable all items.

Role Types

Kaseya licensing is purchased by role type. There are separate role types for licensing users by user role type and licensing machines by machine role type. Each role type enables selected functions listed in the Access Rights tab of User Roles and Machine Roles. The number of role type licenses purchased displays in the System > License Manager > Role Type tab. Each role type license specifies the number of named users and concurrent users allowed.

User Roles Types

Every user role must be assigned to at least one user role type. If a user role is assigned to more than one role type, access to a function is enabled if any one of the role types enables access to that function. Function access can be optionally limited further by user role or machine role. User role types include:

  • VSA Admin - Includes both master users and standard users.
  • End Users - Provides limited access to selected functions in the VSA. Primarily intended for customers of service providers. Customers can logon to the VSA and print reports or look at tickets about their own organizations.
  • Service Desk Technician - Can edit Service Desk tickets and run reports, but not configure service desks, support tables or service desk procedures.
  • Service Desk Admin - Can do anything in Service Desk.

Kaseya SaaS user role types include:

  • IT Toolkit Free Admin - Install agents, remote control and file manager with KLC, maintain users and machine groups.
  • IT Toolkit Free Admin - Install agents, most KLC functions, maintain users and machine groups.
  • IT Workbench Admin - Basic access to core options with no agent procedures or scripting.
  • IT Center Admin - Similar to VSA Admin, no system tab access.

Click the Assign and Remove buttons to change the role types a user role is assigned to.