API User Role Permissions
When creating a user to access APIs, you must also create a role to assign to the API user which gives them access to N-able N-central APIs. When creating an API user role, you are able to set specific permissions to levels of access. For API-only users, the scope of what user can access through N-central's APIs are controlled by the access groups and Roles assigned to the user. The following outlines the recommended role permissions based on the level of access required.
For permission roles for N-central's UI, please reference the Permissions Dictionary and Menu.
API Role Permissions
Read-Only (RO) User Permissions
When you set read-only user permissions, the user is only able to view N-central's APIs. To create a read-only API user role to allow viewing access, you must set the following access levels:
| Module | Access | Access Level |
|---|---|---|
| Administration | Custom Properties |
Create/Edit/Delete set to None View/Set set to Read Only |
| SO/Customers/Sites | Create SO/Customer/Site set to None | |
| User Management |
Access Groups set to Read Only Roles set to Read Only Users set to Read Only |
|
| Configuration | Asset Discovery | Discovery Jobs set to Read Only |
| Monitoring |
Alerts Acknowledge set to None Filters set to Read Only Services/Tasks set to Read Only |
|
| Devices | Downloads | N-central Installers Download set to None |
| Network Devices |
Add/Import Devices set to None Delete Devices set to None Edit Device Settings set to Read Only Move Devices set to None Registration Tokens set to None |
|
| Tickets & Notifications | Ticketing | Ticketing set to None |
Full Access API User
An API User with full access is able to view and manage all of N-central's APIs and (for non-API-Only users) all of the N-central UI. To create a Full Access user role, you must set the following access levels:
| Module | Access | Access Level |
|---|---|---|
| Administration | Custom Properties |
Create/Edit/Delete set to Manage View/Set set to Manage |
| SO/Customers/Sites | Create SO/Customer/Site set to Manage | |
| User Management |
Access Groups set to Manage Roles set to Manage Users set to Manage |
|
| Configuration | Asset Discovery | Discovery Jobs set to Manage |
| Monitoring |
Alerts Acknowledge set to Manage Filters set to Manage Services/Tasks set to Manage |
|
| Devices | Downloads | N-central Installers Download set to Manage |
| Network Devices |
Add/Import Devices set to Manage Delete Devices set to Manage Edit Device Settings set to Manage Move Devices set to Manage Registration Tokens set to Manage |
|
| Tickets & Notifications | Ticketing | Ticketing set to Manage |
Minimum permissions needed to extract registration tokens
When an API user needs to be able to query the N-central API for customer IDs and registration token, which is part of automating the N-central agent installation process, they would need the following permissions:
| Module | Access | Access Level |
|---|---|---|
| Administration | Custom Properties |
Create/Edit/Delete set to None View/Set set to Read Only |
| SO/Customers/Sites | Create SO/Customer/Site set to None | |
| User Management |
Access Groups set to Read Only Roles set to Read Only Users set to Read Only |
|
| Configuration | Asset Discovery | Discovery Jobs set to Manage |
| Monitoring |
Alerts Acknowledge set to None Filters set to Read Only Services/Tasks set to Read Only |
|
| Devices | Downloads | N-central Installers Download set to Manage |
| Network Devices |
Add/Import Devices set to Manage Delete Devices set to Manage Edit Device Settings set to Manage Move Devices set to Manage Registration Tokens set to Manage |
|
| Tickets & Notifications | Ticketing | Ticketing set to None |
Minimum permissions needed for a PSA Integration account
An API User who needs to be able to use N-central's APIs to manage PSA Integration. To create an API PSA integration account, you must set the following access levels:
| Module | Access | Access Level |
|---|---|---|
| Administration | Custom Properties |
Create/Edit/Delete set to None View/Set set to Read Only |
| SO/Customers/Sites | Create SO/Customer/Site set to Manage | |
| User Management |
Access Groups set to Read Only Roles set to Read Only Users set to Read Only |
|
| Configuration | Asset Discovery | Discovery Jobs set to Read Only |
| Monitoring |
Alerts Acknowledge set to None Filters set to Read Only Services/Tasks set to Read Only |
|
| Devices | Downloads | N-central Installers Download set to None |
| Network Devices |
Add/Import Devices set to None Delete Devices set to None Edit Device Settings set to Read Only Move Devices set to None Registration Tokens set to None |
|
| Tickets & Notifications | Ticketing | Ticketing set to None |
Minimum permissions needed to create customers in N-central
An API User who needs to be able to use N-central's APIs to create N-central customers. To make an API user capable of creating customers, you must set the following access levels:
| Module | Access | Access Level |
|---|---|---|
| Administration | Custom Properties |
Create/Edit/Delete set to None View/Set set to Read Only |
| SO/Customers/Sites | Create SO/Customer/Site set to Manage | |
| User Management |
Access Groups set to Read Only Roles set to Read Only Users set to Read Only |
|
| Configuration | Asset Discovery | Discovery Jobs set to Read Only |
| Monitoring |
Alerts Acknowledge set to None Filters set to Read Only Services/Tasks set to Read Only |
|
| Devices | Downloads | N-central Installers Download set to None |
| Network Devices |
Add/Import Devices set to None Delete Devices set to None Edit Device Settings set to Read Only Move Devices set to None Registration Tokens set to None |
|
| Tickets & Notifications | Ticketing | Ticketing set to None |
Learn more