Partner Portal - Customize User Permissions
in progress
R
Ryan Kosowsky
We would like to have the ability to create users for the partner portal without having access to the "Customer-Self" client as that is the customer for our own MSP. We would also like to limit the roles that certain people have in the portal to perhaps read only, or limited roles that cannot modify policies and can only add to allow lists
It would helpful to allow members of our projects team to provision new clients in the portal without them having the ability to delete clients, or to view our own company
Log In
O
Onur YARDIMCI
Merged in a post:
More Granular Admin Options
C
Colby Connolly
Currently the only admin options I see are Customer Admin and Partner Admin. It would be awesome to have an option like URL Admin. A permission level that allows adding/removing URLs in existing URL groups, but does not allow adding/removing URL groups, and (more importantly) does not allow modifying or creating Policies.
O
Onur YARDIMCI
Merged in a post:
More granular RBAC permissions
C
Cody Arnold
We'd like to see that there is additions of more granular permissions both at the client & partner level which would allow for user accounts to be provisioned with a limited set of permissions to do certain things.
Creating our own custom permissions groups that have permissions assigned that allow folks to make certain changes.
Initially our thought is that it would be nice to grant other people access to the platform to look at things like logs without being able to modify anything, additionally, it'd be nice to give additional folks the ability to review user reports and add things to URL groups if needed.
It seems currently it's all or nothing, either someone is an admin and can change any type of setting, or there is no access at all.
As far as granularity goes.... my initial thoughts were
- Log access
- Report access
- Audit log access for the tenant
- Policy access (broken out into read, read/write, or none access)
- Tenant settings access (broken out into read, read/write, or none access)
- ability to modify users or groups (broken out into read, read/write, or none access)
- Access to deployment settings including but not limited to access to deployment keys.
- Ability to access agent settings (which could allow someone to do agent level overrides like enabling bypass)
- Bookmark manager (broken out into read, read/write, or none access)
- Additional permissions controls for customer admins to prevent them from being able to change subscription related settings, long term perhaps allow for options to modify mappings of subs to groups and change/upgrade subs separately. I’m thinking about customers changing it and a partner not realizing it happened.
While it is for some an organizational problem, what we'd like to address is giving staff more autonomy to be able to do some of these more basic tasks without running the risk of allowing people to potentially change more than they should.
Edit 3/8/2025, added option 10.
C
Cody Arnold
Yeah, more granular permissions that allow access to exclude access to specific functions would be nice
Like can add but not remove certain things even would be good
R
Ryan Kosowsky
This would be extremely helpful
V
Vinicius Freitas
+1
The ability to have an admin account role that allows control over only the whitelists, or blocklists, or both, would really improve the list management workflow for MSPs.
R
Ryan Kosowsky
Thank you that is helpful! Can you also add the ability to set various admin "tiers" when accessing customers? A help desk role that has read only to the entire portal but can only modify allow/deny lists, or other limited tasks would be helpful
C
Cody Arnold
+1, Probably the difference between a partner admin and client admin role so if a partner is using it internally, people who manage clients aren't capable of managing the internally used DefensX tenant.
Maria Pavli
in progress
Maria Pavli
planned
Maria Pavli
Merged in a post:
Read-Only Admin
O
Onur YARDIMCI
An administrative user role with permissions to view and access policies, settings, logs, user information, and reports without the ability to modify them. This role should be configurable to ensure that a read-only admin can only interact with customers they are authorized to contact.
Load More
→