Default system roles and their permissions
You can assign the following default system roles with their defined permissions to users:
- Superuser—full system access with all permissions enabled (except for Product Keys and Subscription Management)
- Administrator—system access to most features except user management and billing information
- Standard—system access with mixed permissions; mostly concerned with viewing items and using features
- Client— basic system access with permissions for specific Client management and view options
If the default system roles don't meet you needs, you can create your own roles.
If you create a new role based on the Superuser, Administrator, or Standard system roles you can edit all of the permissions, except the Security permission that is for Superuser only, and for Subscription Management Portal that can't be edited for Standard roles.
If you create a new role based on the Client system role, you are limited in the permissions you can edit. To find permissions you can edit for the Client, see the items marked as Optional in the Client: Custom Options column of the following tables.
Expand the following sections to view the default permissions for each default system role:
General
Permission Description Superuser Administrator Standard Client Client: Custom Options General Settings View and edit the general account settings Allow Allow Deny Deny Deny Users Allow Deny Deny Deny Deny User Accounts Add, edit and delete user accounts Allow Deny Deny Deny Deny Security Reset 2FA for users. Superuser Role only. Allow Deny Deny Deny Deny Roles & Permissions Add, edit and delete user roles Allow Deny Deny Deny Deny Client groups Add, edit and delete client groups Allow Deny Deny Deny Deny Clients Add, edit and delete clients Allow Allow Deny Deny Deny Sites Add, edit and delete sites Allow Allow Deny Deny Deny Devices Add, edit and delete devices (Client cannot Add devices) Allow Allow Allow Deny Optional Agents Allow Allow Allow Deny Deny Download & Install Download and install agents and add devices Allow Allow Allow Deny Deny Site Installation Package Configure and download a site installation package Allow Allow Allow Deny Deny Agent Auto-update Settings View and update the Agent versions on servers and workstations Allow Allow Allow Deny Deny Quick Links Allow Allow Deny Deny Deny Take Control Show or hide the Take Control quick link in the Allow Allow Deny Deny Deny MSP Manager Show or hide the MSP Manager quick link in the Allow Allow Deny Deny Deny Cove Show or hide the Cove Data Protection (Cove) quick link in the Allow Allow Deny Deny Deny External Links Allow Allow Group Deny Deny Settings Edit the external links settings Allow Allow Deny Deny Deny Usage Show the external links drop-down menu Allow Allow Allow Deny Deny Help Allow Allow Allow Deny Optional System Help Show the link to the helpfile section Allow Allow Allow Deny Optional Support Tickets Submit help tickets to customer support via the Help drop-down menu Allow Allow Allow Deny Optional Release Notes Show link to the release notes section Allow Allow Allow Deny Optional Billing Allow Deny Deny Deny Deny Report View billing related reports Allow Deny Deny Deny Deny PSA Integration Allow Allow Group Deny Optional Settings Set up and configure a PSA integration Allow Allow Deny Deny Deny Usage Create, edit and view PSA tickets and information Allow Allow Allow Deny Optional Asset Tracking The Asset Tracking section is Client Group aware. When Client Groups are configured, users only see Assets specific to their assigned Clients.
View and use the Asset Tracking section Allow Allow Allow Deny Optional Product Keys Display the Windows and Microsoft Office Keys in the device Summary tab Deny Deny Deny Deny Optional Wall Chart View and edit the Wall Chart settings Allow Allow Deny Deny Deny Community Access the Community websites Allow Allow Allow Deny Deny Alerting
Permission Description Superuser Administrator Standard Client Client: Custom Options Alert Routing & Policies Set server and workstation alert routing and alert policy settings Allow Allow Deny Deny Deny Email Templates View and edit email templates Allow Allow Deny Deny Deny Email & SMS Alerts Allow Allow Allow Deny Optional Devices Show the email and SMS alert columns for Servers and Workstations in the North-pane Allow Allow Allow Deny Optional Checks Show the email and SMS alert columns for checks in the South-pane Allow Allow Allow Deny Optional Reporting
Permission Description Superuser Administrator Standard Client Client: Custom Options Dashboard Reports All Dashboard Reports, except the User Audit Report, are Client Group aware. When Client Groups are configured, users only see Dashboard Reports specific to their assigned Clients.
Allow Allow Group Deny Optional User Audit View the User Audit Report Allow Allow Allow Deny Deny Added and Removed Devices View the added and removed devices Allow Allow Allow Deny Deny Device Inventory View the Device Inventory Report Allow Allow Allow Deny Optional Feature Policy View the Feature Policy Report Allow Allow Allow Deny Optional Critical Events View the Critical Events Report Allow Allow Allow Deny Optional Check Clearing View the Check Clearing Report Allow Allow Allow Deny Optional Fault History View the Fault History Report Allow Allow Allow Deny Optional Bandwidth and Performance History View the Bandwidth History Report Allow Allow Allow Deny Optional Active Directory Users View the Active Directory Report Allow Allow Allow Deny Optional Automated Tasks View the Automated Task Report Allow Allow Allow Deny Optional Take Control View the Take Control report Allow Allow Allow Deny Optional Patch Management View the Patch Management report Allow Allow Allow Deny Optional Managed Antivirus View the Managed Antivirus reports Allow Allow Allow Deny Optional Disk Encryption Allow Allow Deny Deny Optional Disk Encryption Report View the Disk Encryption Report Allow Allow Deny Deny Optional Recovery Key Report View the Disk Encryption Recovery Key Report Allow Allow Deny Deny Optional Web Protection View the Web Protection reports Allow Allow Allow Deny Optional Backup & Recovery View the Backup & Recovery report Allow Allow Allow Deny Optional Mobile Device Management View the MDM reports Allow Allow Allow Deny Optional Risk Intelligence View the Risk Intelligence reports Allow Allow Allow Deny Optional Servers Allow Allow Group Deny Optional Settings Configure the settings and monthly content for the client server monitoring reports Allow Allow Deny Deny Deny Email Template Configure the email template settings for the server monitoring reports Allow Allow Deny Deny Deny Monthly Content Configure the daily, weekly and monthly reports and their email settings Allow Allow Deny Deny Deny Monthly Report View and (re)send the monthly client server reports Allow Allow Allow Deny Optional Resend Daily View and (re)send the daily client server reports Allow Allow Allow Deny Optional Resend Weekly View and (re)send the weekly client server reports Allow Allow Allow Deny Optional Workstations Allow Allow Group Deny Group Settings Configure the settings for the client workstation reports Allow Allow Deny Deny Deny Email Template Configure the email template settings for the workstation monitoring reports Allow Allow Deny Deny Deny Resend Daily View and (re)send the client daily workstation reports Allow Allow Allow Deny Optional Resend Weekly View and (re)send the client weekly workstation reports Allow Allow Allow Deny Optional Notes Allow Allow Group Deny Deny Settings Configure the settings for the notes report Allow Allow Deny Deny Deny Email Template Configure the email template settings for notes report Allow Allow Deny Deny Deny Notes Report View the notes report Allow Allow Allow Deny Deny Mobile Apps
Permission Description Superuser Administrator Standard Client Client: Custom Options Mobile Apps Access the mobile apps Allow Allow Deny Deny Optional Private Notes View and add private check notes Allow Allow Deny Deny Optional Monitoring & Management
Permission Description Superuser Administrator Standard Client Client: Custom Options 24x7 & Daily Safety Checks Allow Allow Group Deny Optional Settings Add, edit and delete checks Allow Allow Deny Deny Deny Predefined SNMP Checks View, add, edit and delete predefined SNMP checks Allow Allow Allow Deny Deny Usage Run and clear checks Allow Allow Allow Deny Optional Automated Tasks Allow Allow Group Deny Optional Settings Add, edit and delete tasks for devices and sites Allow Allow Deny Deny Deny Usage Run automated tasks Allow Allow Allow Deny Optional View View automated tasks on the Tasks tab Allow Allow Allow Allow Optional Outages Allow Allow Deny Deny Optional View Show the outages tab Allow Allow Allow Deny Optional Details Show the details of the outage Allow Allow Deny Deny Deny Monitoring Templates Allow Allow Deny Deny Optional Settings Add, edit and delete monitoring templates. Set default monitoring templates for new devices Allow Allow Deny Deny Deny Usage Add and replace checks on devices using the monitoring templates Allow Allow Deny Deny Optional Custom Scripts View, add, edit and delete custom scripts for checks and tasks Allow Allow Deny Deny Deny Maintenance Mode Schedule maintenance mode and turn maintenance mode on and off Allow Allow Allow Deny Deny Critical Events Add, edit, delete and apply critical events settings Allow Allow Deny Deny Deny Notes Allow Allow Allow Group Optional Usage Add, edit and delete device notes and check notes Allow Allow Allow Deny Deny View View client facing notes Allow Allow Allow Allow Optional Pending Actions Allow Allow Allow Group Optional Clients View and cancel pending actions across clients Allow Allow Allow Deny Deny Devices View and cancel pending actions for a device Allow Allow Allow Allow Optional Reboot Reboot devices Allow Allow Allow Deny Optional Backup Device Configuration Download a copy of the 24x7 and Daily Safety Check configuration on a device Allow Allow Allow Deny Optional Device Management for Apple
Permission Description Superuser Administrator Standard Client Client: Custom Options Certificates Manage certificates Allow Allow Deny Deny Optional Profile Library Manage the profile library Allow Allow Deny Deny Optional Profile Deployment Deploy profiles to devices using Device Management for Apple Allow Allow Deny Deny Optional Apple Business Manager View and manage Apple Business Manager tokens Allow Allow Deny Deny Optional Apps & Books View, manage, and distribute App Store purchases Allow Allow Deny Deny Optional Workstations Allow Allow Group Group Group View View workstations on the N-sight RMM Dashboard Allow Allow Allow Allow Allow View Profiles View Profiles on workstations Allow Allow Deny Deny Optional Install Profiles Install Profiles on workstations Allow Allow Deny Deny Optional Remove Profiles Remove Profiles from workstations Allow Allow Deny Deny Optional Lock Send the command to workstations Allow Allow Deny Deny Optional Instant Restart Send the command to workstations Allow Allow Deny Deny Optional Remote Wipe Send the command to workstations Allow Allow Deny Deny Optional Update Device Information Send the command to workstations Allow Allow Deny Deny Optional Update OS Version Send the command to workstations Allow Allow Deny Deny Optional Shutdown Device Send the command to workstations Allow Allow Deny Deny Optional Enrollment options View and manage the Device Management for Apple enrollment options Allow Allow Deny Deny Optional Command History View the commands sent to workstations Allow Allow Deny Deny Optional Mobile Devices Allow Allow Group Group Group View View mobile devices on the N-sight RMM Dashboard Allow Allow Allow Allow Allow View Profiles View Profiles on mobile devices Allow Allow Deny Deny Optional Install Profiles Install Profiles on mobile devices Allow Allow Deny Deny Optional Remove Profiles Remove Profiles from mobile devices Allow Allow Deny Deny Optional Lock Send the command to mobile devices Allow Allow Deny Deny Optional Instant Restart Send the command to mobile devices Allow Allow Deny Deny Optional Remote Wipe Send the command to mobile devices Allow Allow Deny Deny Optional Clear Passcode Send the command to mobile devices Allow Allow Deny Deny Optional Update Device Information Send the command to mobile devices Allow Allow Deny Deny Optional Update OS Version Send the command to mobile devices Allow Allow Deny Deny Optional Shutdown Device Send the command to mobile devices Allow Allow Deny Deny Optional Unenrol Unenrol mobile devices Allow Allow Deny Deny Optional Command History View the commands sent to mobile devices Allow Allow Deny Deny Optional Integrations
Features
Permission Description Superuser Administrator Standard Client Client: Custom Options Managed Antivirus Allow Allow Group Group Optional Settings & Policies Add, edit and delete Managed Antivirus policies and apply to devices. Use the CART tool Allow Allow Deny Deny Optional Usage Run and cancel MAV scans, quarantine and release items from quarantine, update threat definitions, detect installed products Allow Allow Allow Deny Optional View View MAV scan results Allow Allow Allow Allow Optional Recovery Key Management Retrieve Disk Encryption Key Allow Allow Deny Deny Patch Management Allow Allow Group Group Optional Settings & Policies Add, edit and delete Patch Management policies and apply to devices Allow Allow Deny Deny Optional Usage Install, approve, reprocess and ignore patches. Run the vulnerability check Allow Allow Allow Deny Optional View View patches on the Patches tab Allow Allow Allow Allow Optional Web Protection Allow Allow Group Group Optional Settings & Policies Add, edit and delete Web Protection policies and apply to devices Allow Allow Deny Deny Optional Usage Refresh Web Protection data and use the website lookup tool Allow Allow Allow Deny Optional View View Web Protection browsing data Allow Allow Allow Allow Optional Backup & Recovery Allow Allow Group Group Optional Settings & Policies Add, edit and delete Backup & Recovery policies and apply to devices Allow Allow Deny Deny Deny Usage Download the Backup Manager, run backups, restore backups, view changed and removed files Allow Allow Allow Deny Optional View View backup files on the Backup tab, view changed and removed files Allow Allow Allow Allow Optional Network Discovery Allow Group Deny Deny Optional Settings Enable or disable Network Discovery at the policy or device level Allow Deny Deny Deny Deny Usage Access the Networks tab, manage a network and use the Network Discovery feature Allow Allow Deny Deny Deny View Show Networks tab on the North-pane Allow Allow Deny Deny Optional NetPath Allow Allow Deny Deny Optional Usage Access the NetPath section, manage and view Network Paths Allow Allow Deny Deny Optional View Show NetPath in the View menu Allow Allow Allow Deny Optional Mobile Device Management
Mobile Device Management was retired on November 1, 2021 and replaced with Device Management for Apple.
Allow Allow Group Group Optional Settings & Policies Add, edit and delete mobile devices; view mobile device reports Allow Allow Deny Deny Deny Usage Issue updates and commands for mobile devices under management Allow Allow Allow Deny Optional View Show Mobile Devices tab on the North-pane Allow Allow Allow Allow Optional O365, Google Drive Access the Services tab. Add, edit and delete services, and use the Services functions Allow Allow Deny Deny Deny Take Control Allow Allow Group Group Optional Settings Configure and install Take Control and Remote Access. Customize the remote support mail templates Allow Allow Deny Deny Optional Usage Use Take Control to remote on to end-point devices that have Take Control installed Allow Allow Allow Deny Optional View Show Take Control column on the North-pane Allow Allow Allow Allow Optional Attended Take Control Use Take Control Fast Assist to start attended remote access sessions Allow Allow Allow Deny Deny Remote Background Management Allow Allow Group Group Optional Settings Enable the Remote Background Management feature for clients, sites and devices Allow Allow Deny Deny Deny Usage Start and use Remote Background Management sessions on devices Allow Allow Allow Deny Optional View Show RBM column on the North-pane Allow Allow Allow Allow Optional Remote Control of Network Devices Start and use Remote Control of Network Device session on devices Allow Allow Allow Deny Optional User Chat Show or hide the User Chat feature. Take Control or Remote Background Management must be installed on the device. Allow Allow Allow Deny Optional Remote Support (Legacy tool) Allow Allow Group Deny Optional Email Template Edit the Remote Support email template Allow Allow Deny Deny Deny Usage Send the Remote Support agent Allow Allow Allow Deny Optional Remote Desktop Start a remote desktop session Allow Allow Deny Deny Optional System Tray Allow Allow Group Group Optional Settings Manage the system tray settings including icon Allow Allow Deny Deny Deny View Show System Tray column on the North-pane Allow Allow Allow Allow Optional Risk Intelligence Allow Allow Allow Allow Optional Settings & Policies Configure and install Risk Intelligence. Customize and apply policies. Allow Allow Deny Deny Optional Usage Run Risk Intelligence scans Allow Allow Allow Deny Optional View View the Risk Intelligence results and reports Allow Allow Allow Allow Optional Filter Manager
Permission Description Superuser Administrator Standard Client Client: Custom Options Settings Manage and use custom filters Allow Allow Allow Deny Optional
To avoid exposure of customer details to other clients, it is imperative that Client Dashboard logins are used with Client Groups to ensure the customer can only view their own devices and information, rather than other client details.
To avoid inadvertently revealing customer information, we recommend you log into the Client Dashboard with the customer login before distributing the credentials to the customer to verify they can only view their own details.