Users and Roles at the MSP Level
Nerdio Manager allows you to grant users access to the Nerdio Manager application with varying levels of permissions at the MSP level and customer account level. For example, you can create MSP Help Desk users who are able to view specific accounts and can log in to and manage those accounts. In addition, you can create MSP Billing Admins, who do not have account-level access but have full access to the Billing module. Optionally, admin access can be configured to expire after a set number of days.
Nerdio Manager has the following types of roles:
Built-in Roles: Built-in roles are roles with predefined access permissions that cannot be changed by anyone.
Custom Roles: Custom roles are roles that can be customized as per your business needs.
This article covers the following topics:
Overview of Built-in Roles
The following built-in roles are available in Nerdio Manager:
Super Admin: Can manage all accounts and all admins.
MSP Admin: Can manage multiple customer accounts.
MSP IT Admin: Can manage AVD host pools, servers, desktop images, and backups on select accounts.
MSP Help Desk: Can manage users, groups, and AVD user sessions of select accounts.
MSP Billing Admin: Can view billing information for all accounts.
Account Admin: Can manage a single customer account.
Account Help Desk: Can manage users, groups, and AVD user sessions of a single account.
End-user: Can manage their own desktops.
Role Permissions for Built-in Roles
The following chart details the permissions assigned to each user role:
Add a New Custom Role Definition
Nerdio Manager allows admins to add new custom role definitions.
To add a new custom role definition:
At the MSP level, navigate to Users and Roles > Role definitions.
-
Select Add.
-
Enter the following information:
Name: Type the role's name.
Description: Type a description of the role.
Allowed permissions: Select all the permissions that all allowed for this role.
-
Denied permissions: Select all the permissions that are denied for this role.
Notes:
Use Select all and Unselect all as desired.
Expand and drill down the lists of permissions to select/unselect the desired permissions.
Optionally, select Copy from to copy the permissions from an existing role. These copied permissions may be customized for the new role.
Once you have entered the desired information, select Save.
Add a New Custom Role Video Demo
The following video is a demo of creating a custom role called "testtest" with "All" permissions allowed.
Manage Existing Role Definitions
Nerdio Manager allows admins to manage existing role definitions. This includes editing or removing definitions.
To manage role definitions:
-
At the MSP level, navigate to Users and Roles > Role definitions.
The Role Definitions table displays.
Select Edit to edit a role definition.
For a custom role, from the action menu, select Remove to remove a role definition.
Add a New Role Assignment (Grant Access)
Nerdio Manager allows admins to grant users and groups access to the app.
To grant user or group access:
At the MSP level, navigate to Users and Roles > Role assignments.
-
Select Add.
-
Enter the following information:
Role: From the drop-down list, select role for the new user or group.
Accounts: From the drop-down list, select the customer account the user/group should have access to.
-
Users/Groups: Type the user(s) and group(s) to be added.
Note: Press Enter key between users or groups. For example, type joe@xyz.com and press Enter. Then type bob@xyz.com and press Enter.
-
Access Expiration: Select the desired access expiration.
Set Date: For Set Date, select the specific date and time to automatically remove the user's role.
Set Duration: For Set Duration, from the drop-down list, select a time frame to have the system automatically remove the user's role after the specified time frame.
Unlimited: Select this option to never have the access expire automatically.
Once you have entered the desired information, select OK.
Manage Existing Role Assignments
Nerdio Manager allows admins to manage existing role assignments. This includes editing or removing access.
To manage role assignments:
-
At the MSP level, navigate to Users and Roles > Role assignments.
The Role Assignments table displays.
Select Edit to edit a user.
From the action menu, select Remove access to remove a single user.
-
To remove access for a group of users:
At the bottom, select Select all on page to select all the users on the page. Conversely, select Unselect all on page to unselect all the users on the page.
Alternatively, select several users by selecting the icon next to the desired users.
Once you have made your selections, at the bottom, select Removed selected.
Select OK on the confirmation pop-up.
Comments (0 comments)