Default System Role Permissions

You can use the following System Roles with their defined permissions, or you can create custom roles that are based on the System Roles:

  • Superuser—full system access with all permissions enabled (except for Product Keys)
  • Administrator—system access to all features except user management and billing information
  • Standard—system access with mixed permissions; mostly concerned with viewing items and using features
  • Client— basic system access with permissions for specific Client management and view options

If you create a custom role based on the Superuser, Administrator, or Standard System Role you can edit all of the permissions, except the Security permission that is for Superuser only, to meet your custom needs.

If you create a custom role based on the Client System Role, you are limited in the permissions you can edit.

For information about the limited permissions for a custom role based on the Client System Role, see the Client: Custom Options column in the following tables.

IMPORTANT: To avoid exposure of customer details to other clients, it is imperative that Client Dashboard logins are used with Client Groups to ensure the customer can only view their own devices and information, rather than other client details.

To avoid inadvertently revealing customer information, we recommend you log into the Client Dashboard with the customer login before distributing the credentials to the customer to verify they can only view their own details.

The following colors indicate the permissions used for Roles and Permissions:

Key Description
Allow Allow
Deny Deny
Group Group option unavailable—the group contains mixed permissions
Optional Client Role—option available

The following tables indicate the default permission details for each System Role:

General

Permission Description Superuser Administrator Standard Client Client: Custom Options
General Settings View and edit the general account settings Allow Allow Deny Deny Deny
Users Allow Deny Deny Deny Deny
User Accounts Add, edit and delete user accounts Allow Deny Deny Deny Deny
Security Reset 2FA for users. Superuser Role only. Allow Deny Deny Deny Deny
Roles & Permissions Add, edit and delete user roles Allow Deny Deny Deny Deny
Client Groups Add, edit and delete client groups Allow Deny Deny Deny Deny
Clients Add, edit and delete clients Allow Allow Deny Deny Deny
Sites Add, edit and delete sites Allow Allow Deny Deny Deny
Devices Add, edit and delete devices (Client cannot Add devices) Allow Allow Allow Deny Optional
Agents Allow Allow Allow Deny Deny
Download & Install Download and install agents and add devices Allow Allow Allow Deny Deny
Site Installation Package Configure and download a site installation package Allow Allow Allow Deny Deny
Agent Auto-update Settings View and update the Agent versions on servers and workstations Allow Allow Allow Deny Deny
Quick Links Allow Allow Deny Deny Deny
Take Control Show or hide the Take Control quick link in the product bar Allow Allow Deny Deny Deny
MSP Manager Show or hide the MSP Manager quick link in the product bar Allow Allow Deny Deny Deny
External Links Allow Allow Group Deny Deny
Settings Edit the external links settings Allow Allow Deny Deny Deny
Usage Show the external links drop-down menu Allow Allow Allow Deny Deny
Help Allow Allow Allow Deny Optional
System Help Show the link to the helpfile section Allow Allow Allow Deny Optional
Support Tickets Submit help tickets to customer support via the Help drop-down menu Allow Allow Allow Deny Optional
Release Notes Show link to the release notes section Allow Allow Allow Deny Optional
Billing Allow Deny Deny Deny Deny
Report View billing related reports Allow Deny Deny Deny Deny
PSA Integration Allow Allow Group Deny Optional
Settings Set up and configure a PSA integration Allow Allow Deny Deny Deny
Usage Create, edit and view PSA tickets and information Allow Allow Allow Deny Optional
Asset Tracking View and use the Asset Tracking section Allow Allow Allow Deny Optional
Product Keys Display the Windows and Microsoft Office Keys in the device Summary tab Deny Deny Deny Deny Optional
Wall Chart View and edit the Wall Chart settings Allow Allow Deny Deny Deny
Community Access the Community websites Allow Allow Allow Deny Deny

Alerting

Permission Description Superuser Administrator Standard Client Client: Custom Options
Alert Routing & Policies Set server and workstation alert routing and alert policy settings Allow Allow Deny Deny Deny
Email Templates View and edit email templates Allow Allow Deny Deny Deny
Email & SMS Alerts Allow Allow Allow Deny Optional
Devices Show the email and SMS alert columns for Servers and Workstations in the North-pane Allow Allow Allow Deny Optional
Checks Show the email and SMS alert columns for checks in the South-pane Allow Allow Allow Deny Optional

Reporting

Permission Description Superuser Administrator Standard Client Client: Custom Options
Dashboard Reports Allow Allow Group Deny Optional
User Audit View the User Audit Report Allow Allow Allow Deny Deny
Added and Removed Devices View the added and removed devices Allow Allow Allow Deny Deny
Device Inventory View the Device Inventory Report Allow Allow Allow Deny Optional
Feature Policy View the Feature Policy Report Allow Allow Allow Deny Optional
Critical Events View the Critical Events Report Allow Allow Allow Deny Optional
Check Clearing View the Check Clearing Report Allow Allow Allow Deny Optional
Fault History View the Fault History Report Allow Allow Allow Deny Optional
Bandwidth and Performance History View the Bandwidth History Report Allow Allow Allow Deny Optional
Active Directory Users View the Active Directory Report Allow Allow Allow Deny Optional
Automated Tasks View the Automated Task Report Allow Allow Allow Deny Optional
Remote Support View the Remote Support Report Allow Allow Allow Deny Deny
Take Control View the Take Control report Allow Allow Allow Deny Optional
Patch Management View the Patch Management report Allow Allow Allow Deny Optional
Managed Antivirus View the Managed Antivirus reports Allow Allow Allow Deny Optional
Disk Encryption Allow Allow Deny Deny Optional
Disk Encryption Report View the Disk Encryption Report Allow Allow Deny Deny Optional
Recovery Key Report View the Disk Encryption Recovery Key Report Allow Allow Deny Deny Optional
Web Protection View the Web Protection reports Allow Allow Allow Deny Optional
Backup & Recovery View the Backup & Recovery report Allow Allow Allow Deny Optional
Mobile Device Management View the MDM reports Allow Allow Allow Deny Optional
Risk Intelligence View the Risk Intelligence reports Allow Allow Allow Deny Optional
Servers Allow Allow Group Deny Optional
Settings Configure the settings and monthly content for the client server monitoring reports Allow Allow Deny Deny Deny
Email Template Configure the email template settings for the server monitoring reports Allow Allow Deny Deny Deny
Monthly Content Configure the daily, weekly and monthly reports and their email settings Allow Allow Deny Deny Deny
Monthly Report View and (re)send the monthly client server reports Allow Allow Allow Deny Optional
Resend Daily View and (re)send the daily client server reports Allow Allow Allow Deny Optional
Resend Weekly View and (re)send the weekly client server reports Allow Allow Allow Deny Optional
Workstations Allow Allow Group Deny Group
Settings Configure the settings for the client workstation reports Allow Allow Deny Deny Deny
Email Template Configure the email template settings for the workstation monitoring reports Allow Allow Deny Deny Deny
Resend Daily View and (re)send the client daily workstation reports Allow Allow Allow Deny Optional
Resend Weekly View and (re)send the client weekly workstation reports Allow Allow Allow Deny Optional
Notes Allow Allow Group Deny Deny
Settings Configure the settings for the notes report Allow Allow Deny Deny Deny
Email Template Configure the email template settings for notes report Allow Allow Deny Deny Deny
Notes Report View the notes report Allow Allow Allow Deny Deny

Mobile Apps

Permission Description Superuser Administrator Standard Client Client: Custom Options
Mobile Apps Access the mobile apps Allow Allow Deny Deny Optional
Private Notes View and add private check notes Allow Allow Deny Deny Optional

Monitoring & Management

Permission Description Superuser Administrator Standard Client Client: Custom Options
24x7 & Daily Safety Checks Allow Allow Group Deny Optional
Settings Add, edit and delete checks Allow Allow Deny Deny Deny
Predefined SNMP Checks View, add, edit and delete predefined SNMP checks Allow Allow Allow Deny Deny
Usage Run and clear checks Allow Allow Allow Deny Optional
Automated Tasks Allow Allow Group Deny Optional
Settings Add, edit and delete tasks for devices and sites Allow Allow Deny Deny Deny
Usage Run automated tasks Allow Allow Allow Deny Optional
View View automated tasks on the Tasks tab Allow Allow Allow Allow Optional
Outages Allow Allow Deny Deny Optional
View Show the outages tab Allow Allow Allow Deny Optional
Details Show the details of the outage Allow Allow Deny Deny Deny
Monitoring Templates Allow Allow Deny Deny Optional
Settings Add, edit and delete monitoring templates. Set default monitoring templates for new devices Allow Allow Deny Deny Deny
Usage Add and replace checks on devices using the monitoring templates Allow Allow Deny Deny Optional
Custom Scripts View, add, edit and delete custom scripts for checks and tasks Allow Allow Deny Deny Deny
Maintenance Mode Schedule maintenance mode and turn maintenance mode on and off Allow Allow Allow Deny Deny
Critical Events Add, edit, delete and apply critical events settings Allow Allow Deny Deny Deny
Notes Allow Allow Allow Group Optional
Usage Add, edit and delete device notes and check notes Allow Allow Allow Deny Deny
View View client facing notes Allow Allow Allow Allow Optional
Pending Actions Allow Allow Allow Group Optional
Clients View and cancel pending actions across clients Allow Allow Allow Deny Deny
Devices View and cancel pending actions for a device Allow Allow Allow Allow Optional
Reboot Reboot devices Allow Allow Allow Deny Optional
Backup Device Configuration Download a copy of the 24x7 and Daily Safety Check configuration on a device Allow Allow Allow Deny Optional

Apple Device Management

Permission Description Superuser Administrator Standard Client Client: Custom Options
Certificates Manage certificates Allow Allow Deny Deny Optional
Profile Library Manage the profile library Allow Allow Deny Deny Optional
Profile Deployment Deploy profiles to devices using Apple Device Management Allow Allow Deny Deny Optional
Apple Business Manager View and manage Apple Business Manager tokens Allow Allow Deny Deny Optional
Workstations Allow Allow Group Group Group
View View workstations on the Dashboard Allow Allow Allow Allow Allow
View Profiles View Profiles on workstations Allow Allow Deny Deny Optional
Install Profiles Install Profiles on workstations Allow Allow Deny Deny Optional
Remove Profiles Remove Profiles from workstations Allow Allow Deny Deny Optional
Lock Send the command to workstations Allow Allow Deny Deny Optional
Instant Restart Send the command to workstations Allow Allow Deny Deny Optional
Remote Wipe
Send the command to workstations Allow Allow Deny Deny Optional
Update Device Information Send the command to workstations Allow Allow Deny Deny Optional
Shutdown Device Send the command to workstations Allow Allow Deny Deny Optional
Checkout Send the command to workstations Allow Allow Deny Deny Optional
Command History View the commands sent to workstations Allow Allow Deny Deny Optional
Mobile Devices Allow Allow Group Group Group
View View mobile devices on the Dashboard Allow Allow Allow Allow Allow
View Profiles View Profiles on mobile devices Allow Allow Deny Deny Optional
Install Profiles Install Profiles on mobile devices Allow Allow Deny Deny Optional
Remove Profiles Remove Profiles from mobile devices Allow Allow Deny Deny Optional
Lock Send the command to mobile devices Allow Allow Deny Deny Optional
Instant Restart Send the command to mobile devices Allow Allow Deny Deny Optional
Remote Wipe
Send the command to mobile devices Allow Allow Deny Deny Optional
Update Device Information Send the command to mobile devices Allow Allow Deny Deny Optional
Shutdown Device Send the command to mobile devices Allow Allow Deny Deny Optional
Checkout Send the command to mobile devices Allow Allow Deny Deny Optional
Command History View the commands sent to mobile devices Allow Allow Deny Deny Optional

Integrations

Permission Description Superuser Administrator Standard Client Client: Custom Options
Integration Management Allow Allow Deny Deny Optional
View View integration settings Allow Allow Deny Deny Optional
Manage Manage integration settings Allow Deny Deny Deny Optional
Endpoint Detection & Response Allow Allow Group Group Group
View View EDR on the Dashboard Allow Allow Allow Allow Allow
Manage Manage the EDR integration Allow Allow Deny Deny Optional
Policies Add, Edit and Delete EDR policies Allow Allow Deny Deny Optional
Settings Apply EDR policies Allow Allow Deny Deny Optional

Features

Permission Description Superuser Administrator Standard Client Client: Custom Options
Managed Antivirus Allow Allow Group Group Optional
Settings & Policies Add, edit and delete Managed Antivirus policies and apply to devices. Use the CART tool Allow Allow Deny Deny Optional
Usage Run and cancel MAV scans, quarantine and release items from quarantine, update threat definitions, detect installed products Allow Allow Allow Deny Optional
View View MAV scan results Allow Allow Allow Allow Optional
Recovery Key Management Retrieve Disk Encryption Key Allow Allow Deny Deny  
Patch Management Allow Allow Group Group Optional
Settings & Policies Add, edit and delete Patch Management policies and apply to devices Allow Allow Deny Deny Optional
Usage Install, approve, reprocess and ignore patches. Run the vulnerability check Allow Allow Allow Deny Optional
View View patches on the Patches tab Allow Allow Allow Allow Optional
Web Protection Allow Allow Group Group Optional
Settings & Policies Add, edit and delete Web Protection policies and apply to devices Allow Allow Deny Deny Optional
Usage Refresh Web Protection data and use the website lookup tool Allow Allow Allow Deny Optional
View View Web Protection browsing data Allow Allow Allow Allow Optional
Backup & Recovery Allow Allow Group Group Optional
Settings & Policies Add, edit and delete Backup & Recovery policies and apply to devices Allow Allow Deny Deny Deny
Usage Download the Backup Manager, run backups, restore backups, view changed and removed files Allow Allow Allow Deny Optional
View View backup files on the Backup tab, view changed and removed files Allow Allow Allow Allow Optional
Network Discovery Allow Group Deny Deny Optional
Settings Enable or disable Network Discovery at the policy or device level Allow Deny Deny Deny Deny
Usage Access the Networks tab, manage a network and use the Network Discovery feature Allow Allow Deny Deny Deny
View Show Networks tab on the North-pane Allow Allow Deny Deny Optional
NetPath Allow Allow Deny Deny Optional
Usage Access the NetPath section, manage and view Network Paths Allow Allow Deny Deny Optional
View Show NetPath in the View menu Allow Allow Allow Deny Optional
Mobile Device Management

Mobile Device Management was retired on November 1, 2021 and replaced with Apple Device Management.

Allow Allow Group Group Optional
Settings & Policies Add, edit and delete mobile devices; view mobile device reports Allow Allow Deny Deny Deny
Usage Issue updates and commands for mobile devices under management Allow Allow Allow Deny Optional
View Show Mobile Devices tab on the North-pane Allow Allow Allow Allow Optional
O365, Google Drive Access the Services tab. Add, edit and delete services, and use the Services functions Allow Allow Deny Deny Deny
Take Control Allow Allow Group Group Optional
Settings Configure and install Take Control and Remote Access. Customize the remote support mail templates Allow Allow Deny Deny Optional
Usage Use Take Control to remote on to end-point devices that have Take Control installed Allow Allow Allow Deny Optional
View Show Take Control column on the North-pane Allow Allow Allow Allow Optional
Attended Take Control Use Take Control Fast Assist to start attended remote access sessions Allow Allow Allow Deny Deny
Remote Background Management Allow Allow Group Group Optional
Settings Enable the Remote Background Management feature for clients, sites and devices Allow Allow Deny Deny Deny
Usage Start and use Remote Background Management sessions on devices Allow Allow Allow Deny Optional
View Show RBM column on the North-pane Allow Allow Allow Allow Optional
Remote Control of Network Devices Start and use Remote Control of Network Device session on devices Allow Allow Allow Deny Optional
User Chat Show or hide the User Chat feature. Take Control or Remote Background Management must be installed on the device. Allow Allow Allow Deny Optional
Remote Support (Legacy tool) Allow Allow Group Deny Optional
Email Template Edit the Remote Support email template Allow Allow Deny Deny Deny
Usage Send the Remote Support agent Allow Allow Allow Deny Optional
Remote Desktop Start a remote desktop session Allow Allow Deny Deny Optional
System Tray Allow Allow Group Group Optional
Settings Manage the system tray settings including icon Allow Allow Deny Deny Deny
View Show System Tray column on the North-pane Allow Allow Allow Allow Optional
Risk Intelligence Allow Allow Allow Allow Optional
Settings & Policies Configure and install Risk Intelligence. Customize and apply policies. Allow Allow Deny Deny Optional
Usage Run Risk Intelligence scans Allow Allow Allow Deny Optional
View View the Risk Intelligence results and reports Allow Allow Allow Allow Optional

Filter Manager

Permission Description Superuser Administrator Standard Client Client: Custom Options
Settings Manage and use custom filters Allow Allow Allow Deny Optional

Please be aware that the Asset Tracking section and all Dashboard Reports (apart from the account wide User Audit Report and Remote Support Report) are Client Group aware. And where setup, users will only see Assets and Dashboard Reports that are specific to their assigned Clients; for example when selecting All Clients from a Report drop-down, this will only return the Reports for their Client Group. In line with best practice we would suggest taking a moment to login as the Client and check the returned information to ensure the expected information is returned.