Permissions exclusions and more granularity

I would like to add our own tenant as IUL but we do not allow our staff to manage our internal tenant, only client ones. We would only want Super Admins to have access to manage it and MSP Admins and MSP IT Admins to have read-only. We do not currently have the granularity of RBAC to accomplish this. As a consequence, I have to leave my own tenant out of NMM. We have the ability to allow all or specific clients access to roles. We also need the ability to exclude, which would override allow permissions (i.e. allow all, yet exclude these 2 or 3 tenants). We also need to be able to set role restrictions on specific clients if needed. This would apply to some of our GCC clients and other security-sensitive clients.


Comments (1 comment)

Dave Stephenson

Welcome to the community, Kurt Rinear!

I agree with your idea.
Right now, you can explicitly deny access to environments to individual users (who aren't Super Admins). However, whenever you add a new customer/account, you have to manually go in and update the scope for all of the individual user accounts.
It's a workaround for what you're asking, but a tedious one. 

Another possible solution would be for the Nerdio team to allow bulk actions in the Role Assignments screen so we could update the Scope in bulk.

Just as an FYI, there have been a few other people who have suggested similar things 🙂
Search results – Nerdio Help Center
Account Deny list for Roles – Nerdio Help Center
Add Account Groups – Nerdio Help Center

