Expansion of user roles
in progress
Activity Feed
Sort by
J
Jeff Custer
We would like to be able to disallow account-level access changes for Account-level users (example, not be able to set an exclusion for a country...for ALL organizations), or maybe even allow ONLY user-level access changes for Account-level users (our technicians who currently have the "Security Engineer" role). Another way to put this is: We need the ability to granularly assign permissions per role. In addition, adding the ability to granularly assign organization-level permissions (for internal IT users at the larger clients) so they can do things like set travel exclusions for VPN/Location Escalations for their org, for example.
E
Emma Santiago
Feedback from a partner we recieved:
I know Huntress has been talking about removing the Security Engineer role completely for Organizational level, but maybe that should be the equivalent of the current admin role, while the admin role is modified to actually allow for all actions. I'm unclear as I don't believe I've run into this issue before, for most clients we do the management of the escalations at the account level, but I would still expect that if I make an internal organization's power user an admin for the organization it would still allow them to resolve escalations. Otherwise, I'm not sure what the point of that role would be? For that client specifically, they found that new VPN connection was unexpected, but they were unable to create a new ITDR rule to effectively take action on the alert.
E
Eyal Gallico
We need roles for different techs to manage different companies
Chad Perrier
We need Finance Role to be allowed to sync subscriptions so they can update Agreement qty. and manage agreements. Since this is not enabled, it forces an admin to intervene during the billing process due to lack of permissions.
J
Jon Cole
We need the ability as an MSP to set Account users to access a subset of organizations. AutoElevate has a feature where we can say "This user can access all organizations EXCEPT [list one or more organizations in the account]". We don't want our regular techs being able to affect our internal systems but be able to affect our clients.
P
Phil Wainwright
There needs to be a security level or option that gives a user the ability to do MS integrations for MDR without having admin access. Staff who do level 2 provisioning should not have access to billing information or be able to sign contracts on behalf of the company - these should be only available to owners/managers.
S
Steven Richardson
Phil Wainwright This is exactly what I came here to say. We have to give our onboarding team way too much access to the tool to be able to complete their tasks.
Mike
Please allow security engineers added on organization level have access to escalations for that organization. Does not make sense to remove this ability, especially looking at the description of security engineer role permissions: Security Engineers can: Act on an Escalation (Resend Report or Resolve)
M
Matt MacDonald
Can you add an option where we can remove the ability for Security Engineers to Change global preferences such as SAML SSO and Change account-level AV policy
L
Lance Fogle
The Security Engineer role has one permission too much: Change global preferences such as SAML SSO or manage Host Isolation settings
There is absolutely NO reason for a security engineer to be able to disable SSO or manage overall global preferences of any kind. A Security Engineer just needs to be able to take action on hosts within client orgs.
That global capability belongs to admin role I would think.
D
Dean Guo
We've just released an account-level Security Engineer role that provides more granular permissions. Notably, it allows for host isolation/de-isolation. See our support article for more details! https://support.huntress.io/hc/en-us/articles/4404012728083-User-Permissions
We are also close to launching a feature that will allow for internal orgs to be handled separately.
D
Dave Ellis
Dean Guo: Dean, this change being released resulted in our users suddenly losing permissions they had, yet, I don't see any notification that this was coming. In fact, if I hadn't been subscribed to this topic I wouldn't have had any idea what was going on.
Something with this kind of an impact should have been communicated ahead of time so we could understand what was changing and be ready for it. Now we're scrambling last minute to figure out what role people need to be at to accomplish what they need to do.
D
Dean Guo
Dave Ellis: Hi, I'm sorry for the scramble. This should not have impacted any existing permissions. Could you provide more details on what permissions were lost so we can help triage or run a hotfix? Feel free to message at dean.guo@huntresslabs.com
D
Dean Guo
Thank you to Dave for pointing out that we did inadvertently make a change to the bulk agent permissions for the "User" role during a refactor. We have reverted that back to the original permission set as of today.
Load More
→