Exclude account permissions from organization | Voters

Exclude account permissions from organization

complete

Mayer Kahan

Ability to exclude organization(s) from account-level permissions. This is important if we have our internal organization in the same Huntress account as our client organization and don't want all account admins having access by default.

The only option I see is to create a separate Huntress account for internal use under a different domain.

August 2, 2021

Dean Guo

marked this post as

complete

We just updated our platform with a new capability that allows partners to manage internal endpoints separately. See the help article for more information. https://support.huntress.io/hc/en-us/articles/18887485650195

Marking this as complete! Let us know if you have any additional questions or comments.

Chris Sotak

Alex Payne This is a similar feature request to the one you recently posted. (I have upvoted)

Alex Payne

Chris Sotak: Nice find!

Mayer Kahan

Hi, Any update on this?

Aaron Tuomala

This is a must for us. We allow our staff to manage clients, but not our internal organization.

Esta Schaefer

Would definitely like to see this as well. Internal org would be ok to start, but ideally end state would be full granularity.

Dima Kumets [Product Manager - Huntress]

Is this coming from a privacy perspective or some other need?

Do you think we would need to do this just for the one internal org or is granularity required here?

Garrick McIntyre

Dima Kumets [Product Manager - Huntress]: Ideally, more granular. We pull in our site structure Connectwise Automate and we have three internal “companies” for permission granularity and ease of management.

Dima Kumets [Product Manager - Huntress]

Thanks Garrick McIntyre!

Jeff Weinman

Dima Kumets [Product Manager - Huntress]: For control over our own org's Huntress config. We have internal IT to manage our own system so we don't want our security engineers who manage Huntress for our clients to get in our own system.

Initially one internal org but I like the idea of it being more granular as we build out teams of engineers responsible for subsets of clients.

Mayer Kahan

Dima Kumets [Product Manager - Huntress]: Original request was for internal org only. Reason being, I don't want engineers with access to the platform (with account level) to have the ability to view and modify settings for internal org.

RBAC and user groups are def needed, not for the same reason. Many service providers have pod based support split up by client and giving every pod access to all orgs goes against security best practices (least privilege).

Vicente Mundarain

marked this post as

under review

We are currently researching how to best support granular RBAC

Andy Smith

Would love to see this feature as well!

Berk Mustafa

This is a must for all "MSP Friendly" systems. Please get this on the short term roadmap.