User Roles

System > User Security > User Roles

• This page applies to the following products: On Premises, Kaseya Advanced, Kaseya Essentials, IT Center

The User Roles page creates and deletes user roles. Within an user role you can select:

• Members - Assign or remove members for a user role.
• Access Rights - Select the access rights for a user role. Access rights determine the functions a user can access.
• Role Types - Assign or remove role types for a user role. Access rights are restricted by the set of licensed role types assigned that user role.

VSA users can belong to one or more VSA user roles. Each user role must be assigned to at least one user role type.

Note: A VSA user logs on with both a user role (functions they can perform) and a scope (scope data objects they can see).  Membership in a user role and a scope is independent of each other.

Note: VSA users can also be assigned to user roles using the System > Users > Roles tab.

Note: See System > Users for a discussion of the Master user role.

Warning: Restrict access to User Roles and Roles for all roles except roles responsible for administrating function access.

Middle Pane

You can perform the following actions in the middle pane of Roles:

• New - Create a new role.
• Copy Permissions - Copy the access rights to the selected role from any other role.
• Rename - Rename the role. Role names can only be all lower case.
• Delete - Delete the selected role. All VSA users must be removed from a role before you can delete it.

Related Pages

The following policies are assigned by user role:

• Access to the entire VSA by weekday and hour using System > Logon Hours
• Remote control user notification using Remote Control > User Role Policy
• Field permissions for editing tickets in Ticketing > Edit Fields and Service Desk > Role Preferences
• Sharable objects—such as procedures, reports, monitor sets and agent installation packages—can be shared by user role.

Members tab

The Members tab displays which VSA users are assigned to the role selected in the middle pane.

• Click the Assign and Remove buttons to change the role VSA users are assigned to.
• Sort and filter the VSA users listed in the Members page.

Access Rights tab

The Access Rights tab in the System > User Roles page determines what functions VSA users belonging to a selected role can perform. For example, access rights can include whether or not a user can open, add, edit or delete a particular record.

Note: Scopes determine whether a user can see certain user-created data structures displayed in the VSA. Roles determine access rights to the functions that act on those data structures.

A navigation tree provides access to each module, folder, item, and control in the VSA.

• Click the or icons next to any item in the tree to display or hide child branches of that item.
  • A checked item means a role provides access to that item.
  • A unchecked item means a role does not have access to that item.
  • Click Expand All to expand the entire tree.
  • Click Collapse All to collapse the entire tree.
• Click Set Role Access Rights to change access rights for a role.
  • Checking or clearing any checkbox sets the same state for any child items.
  • Click Enable All to enable all items.
  • Click Disable All to disable all items.

Specialized Access Rights

• InfoCenter > Dashboard > Admin Notes
• InfoCenter > Dashboard > Status
• InfoCenter > Dashboard > Online Help
• System > System Preferences > Functional Access
• System > System Preferences > Enable Scheduling - Applies to Patch Management > Scan Machine > Schedule button only
• System > System Preferences > Enable Wake on LAN - Applies to Patch Management > Scan Machine > Schedule button only

Role Types tab

Click the Assign and Remove buttons to change the role types a user role is assigned to.

Roles Types

Kaseya licensing is purchased by role type. There are separate role types for licensing users by user role type and licensing machines by machine role type. Each role type enables selected functions listed in the User Roles > Access Rights tab and Machine Roles > Access Rights tab. The number of role type licenses purchased displays in the System > License Manager > Role Type tab. Each role type license specifies the number of named users and concurrent users allowed.

User Roles Types

Every user role must be assigned to at least one user role type. If a user role is assigned to more than one role type, access to a function is enabled if any one of the role types enables access to that function. Function access can be optionally limited further by user role or machine role. User role types include:

• VSA Admin - Includes both master users and standard users.
• End Users - Provides limited access to selected functions in the VSA. Primarily intended for customers of service providers. Customers can logon to the VSA and print reports or look at tickets about their own organizations.
• Service Desk Technician - Can edit Service Desk tickets and run reports, but not configure service desks, support tables or service desk procedures.
• Service Desk Admin - Can do anything in Service Desk.

Kaseya SaaS user role types include:

• IT Toolkit Free Admin - Install agents, remote control and file manager with KLC, maintain users and machine groups.
• IT Toolkit Free Admin - Install agents, most KLC functions, maintain users and machine groups.
• IT Workbench Admin - Basic access to core options with no agent procedures or scripting.
• IT Center Admin - Similar to VSA Admin, no system tab access.

Topic 4577: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.