User functions and permissions
NAVIGATION Administration > Configuration > Teams and Users
PERMISSIONS Administrator
This article describes the Unified RMM (URMM) functions you can assign to your VSA 10 users and the system access those functions provide.
Overview
URMM permissions are grouped by application functions, which are assigned at the team level.
All VSA 10 users inherit their access and permissions from the team to which they're assigned. Users assigned to the Administrators team have full access to all areas of the application and all permissions.
NOTE To learn how to configure team permissions in VSA 10, refer to Access in Managing teams and users.
VSA 10 functions and permissions
The following table defines all functions available in VSA 10, their selectable permission tiers, and the application access that they grant. You can select individual permission tiers, or select a function to grant all permission related to that function. These permissions apply to the device card in Device Management, Groups, and Site Maps pages in both web and mobile applications.
NOTE If a function is enabled in team permissions, the Device Configuration profile determines availability at the device level.
NOTE If a function is disabled in team permissions, it is always hidden/inaccessible, regardless of the settings in the Device Configuration profile.
| Access Type | Functionality | Permission tiers | Permission descriptions |
|---|---|---|---|
|
MODULES
|
Devices - Device Management
|
Add Devices | Can add devices to VSA 10. |
| Delete Devices | Can delete devices from VSA 10. | ||
| Move Devices | Can move devices to different organizations, sites, and agent groups. | ||
| Allow Bulk Actions | Can perform bulk actions against devices | ||
| Automation | View and Run Automation | Can view and run scripts, tasks, workflows, workflow history, custom fields, and download managed files. | |
| Edit Automation | Can create and edit scripts, tasks, workflows, and custom fields. | ||
| Reporting | View Reports | Can view templates, generated documents, and reports. | |
| Run Reports | Can run reports. | ||
| Edit Reports | Can create or modify a report. | ||
| Advanced Reporting | View Reporting and run reports | Can access the Advanced Reporting page; can view and export reports. | |
| Endpoint Protection | View Policy | Can view the following Antivirus and Ransomware Detection areas:
|
|
| Edit Policy | Can create and edit Ransomware Detection policies. | ||
| Patch Management | View Policy | Can view the following Patch Management areas:
|
|
| Edit Policy | Can create and edit policies and custom titles. | ||
|
REMOTE TOOLS
|
Remote Control | Use IT Glue Passwords | Can use IT Glue passwords during Remote Control sessions; requires IT Glue Integration. |
| Allow 1-Click access | Can use 1-Click access to automatically launch Remote Control sessions. | ||
| Enforce recording for all remote desktop sessions | If a Remote Control session is launched, it will be automatically recorded. | ||
| View remote desktop session recordings | Can view recorded Remote Control sessions in the Recorded Sessions section of the device details pane. | ||
|
Allow Remote Control on Demand |
Can access the Remote Control on Demand (RCoD) feature and connect to an RCoD remote session. | ||
| Allow Sharing of Console Sessions | Allows more than one user to share a console session to the same device. | ||
| Allow Private RDP Sessions | Allows the user to establish a Private Desktop Session. | ||
| Allow Microsoft RDP Client Sessions | Allows the user to establish a Private Desktop Session using the native Microsoft RDP Client. | ||
| Allow Sharing of Active User Sessions | Allows the sharing of an active user session. | ||
| View System Details | Hardware | Can view hardware information on the device details pane. | |
| Network | Can view network information on the device details pane. | ||
| Performance Counters | Can view performance counter information on the device details pane. | ||
| Event Log | Can view event log information on the device details pane. | ||
| Manage Files | Enable | Can browse file systems, upload and download files in the device details pane. | |
| Manage Registry | Enable | Can browse and update the registry in the device details pane. | |
| Manage Printers | Enable | Can manage printers and jobs in the device details pane. | |
| Manage Tasks | Services | Can view and manage services in the device details pane. | |
| Processes | Can view and manage processes in the device details pane. | ||
| Manage User Sessions | Users | Can view and manage logged in users in the device details pane. | |
| Chat | Can change with logged in users from the device details pane. | ||
| Screens | Can remotely view content on active displays from the device details pane. | ||
| Web Cam | Can access the device's webcam and take snapshots from the device details pane. | ||
| Manage Workflow Activity | Enable | Can view and manage workflow activity from the device details pane. | |
| Terminal Access | Terminal | Allows the use of a terminal session from the device details pane. | |
| Powershell | Allows the use of a Powershell session from the device details pane. | ||
| Execute System Commands (Agent-installed devices) | Lock | Can lock a device from the device details pane. | |
| Logoff | Can log out a console user from the device details pane. | ||
| Restart | Can reboot a device from the device details pane. | ||
| Shut Down | Can gracefully shut down a device from the device details pane. | ||
| Power Off | Can power off a device from the device details pane. | ||
| Suspend | Can suspend a device from the device details pane. | ||
| Hibernate | Can put a device into hibernate mode from the device details pane. | ||
| Enter Maintenance Mode | Can put a device into maintenance mode from the device details pane. | ||
| Wake Up | Can from the device details pane. | ||
| Execute MDM Commands | Enable | Can execute MDM commands from the device details pane for enrolled MDM devices. | |
| Execute Datto Networking Commands | Enable | Can execute Datto Networking commands from the device details pane. NOTE Access to enroll and unenroll commands is controlled by the Edit Datto BCDR Integrations Pages permission. |
|
|
INTEGRATIONS
|
Bitdefender | View Bitdefender Integration Pages | Can view all areas of Integrations > Bitdefender. |
| Generate Access Token | Can enable the Bitdefender integration and generate a system token user used for all background operations. | ||
| Connectors | View Connectors Integration Pages | Can view configuration information for all connector types within Integrations > Connectors and Devices > Active Connectors. | |
| Edit Connectors Integration Pages | Can create and edit connectors. | ||
| Datto BCDR | View Datto BCDR Integrations Pages | Can view all areas of Integrations > Datto BCDR. | |
| Edit Datto BCDR Integrations Pages | Can create and edit Datto BCDR portals, map BCDR devices, and set up protected devices. | ||
| Datto Endpoint Backup | View Datto Endpoint Backup Pages | Can view the backup status and details but cannot make changes. | |
| Edit Datto Endpoint Backup Pages | Can deploy agents and assign tokens. | ||
| Datto Networking | View Datto Networking Pages | Can view all areas of Integrations > Datto Networking. | |
| Edit Datto Networking Pages | Can create and edit portals, map and unmap networks, and enroll and unenroll devices. | ||
| Datto EDR | View Datto EDR | Can view all areas of Integrations > Datto EDR/AV. | |
| PSA | View PSA Integration Pages | Can see information related to the Autotask, ConnectWise, and BMS integrations. | |
| Edit PSA Integration Pages | Can change information related to the Autotask, ConnectWise, and BMS integrations. | ||
|
ADMINISTRATION
|
Configuration - Organizations | View Organization Properties | Can view the properties of all organizations the user has access to in Administration > Configuration > Organizations. |
| Edit Organization Properties | Can edit the properties of all organizations the user has access to in Administration > Configuration > Organizations. | ||
| Create & Delete Organizations | Can create and delete organizations in Administration > Configuration > Organizations. |
