1.0 - Introduction
Client access roles give you full control over what your clients can see and do when they log into the HighGround client portal. This ensures that clients have access only to the relevant information and actions that align with their needs. If you want to control what your MSP employees can see and do, please read our Member Access Roles article.
HighGround utilizes Role-Based Access Control (RBAC), which simplifies the setup process by providing pre-defined permission levels that cover the majority of your access requirements. With RBAC, you can quickly and easily assign roles based on specific tasks, ensuring your team and clients have the right level of access without unnecessary complexity.
2.0 - Types of Client Access Roles
There are 2 different types of client access role:
Default Roles: These are the pre-defined client access roles that come with HighGround. They cover the most common access control scenarios you’re likely to encounter, making it easy to get started without the need for extensive configuration.
Custom Roles: These roles are fully customizable and allow you to create access
permissions tailored to your specific requirements. Whether you need more granular control or unique configurations for different clients, custom roles give you the flexibility to define exactly what your clients can see and do in the client portal.
By leveraging both default and custom roles, you can fine-tune your access control to match your clients’ needs, ensuring security and efficiency every step of the way
3.0 - Types of Access Levels
Client access roles are made up of a collection of access levels. These access levels are generic and will control access in differently within different parts of HighGround.
The following table details the standard access level types.
Access Level | Description |
No access | No access to the module or feature |
Restricted View | Can view summary details but cannot drilldown into any further data |
View | Can view summary and drilldown data |
Edit | Can view, edit and create data but cannot delete |
Full Access | Unrestricted access - can view, edit, create and delete data |
4.0 - Matrix of Access Levels <> Modules
There are different access levels available for different modules in HighGround, as detailed in the matrix below:
| No Access | Restricted View | View | Edit | Full Access |
Module |
|
|
|
|
|
Dashboard |
|
|
|
|
|
Assets |
|
|
|
|
|
Action Centre |
|
|
|
|
|
Technology Spend |
|
|
|
|
|
Governance & Resilience |
|
|
|
|
|
Security Packages |
|
|
|
|
|
Storefront |
|
|
|
|
|
Integrations |
|
|
|
|
|
System Settings |
|
|
|
|
|
User Management |
|
|
|
|
|
5.0 - Matrix of Access Levels for Default Client Access Roles
The following table details the access levels used for the default client access roles.
| Business Owner/ | Compliance/ | IT Manager | Global Administrator |
Module |
|
|
|
|
Dashboard | View | View | Edit | Edit |
Assets | No Access | View | Full Access | Full Access |
Action Centre | View | Full Access | Full Access | Full Access |
Technology Spend | View | View | Full Access | Full Access |
Governance & Resilience | View | Full Access | Full Access | Full Access |
Security Packages | Full Access | View | Full Access | Full Access |
Storefront | N/A | N/A | N/A | N/A |
Integrations | No Access | View | Full Access | Full Access |
System Settings | No Access | No Access | Full Access | Full Access |
User Management | No Access | No Access | Full Access | Full Access |
6.0 - Custom Access Roles
For more specific access control needs, you can create a custom access role using HighGround's pre-defined Access Levels.
This allows you to tailor access permissions to suit your unique requirements, ensuring you have complete control over what clients can see and do in the portal.
There are two methods for creating a custom access role:
Duplicate Existing: This option allows you to duplicate a default client access role or an existing custom client access role. It’s perfect if you want to quickly create a new role with similar permissions to an existing one, saving you time on setup.
Create New: If you prefer to start from scratch, you can create a completely new custom client access role. This method gives you the flexibility to define each permission level and access control setting exactly as you need, offering full customization for your unique use case.
The following sections explain how to perform these actions.
6.1 - Create a Custom Client Access Role by Duplicating an existing role
Watch our instructional video on duplicating roles or, alternatively read the steps listed below.
Step 1: Click on your profile picture in the top right corner of the page, then select the 'MSP System Settings' option from the dropdown menu.
Step 2: On the left-hand side of the screen, choose 'Client Access Roles' to access the role management section.
Step 3: Browse through the list of pre-existing access roles and select the one you'd like to duplicate.
Step 4: After duplicating the role, you’ll find the new copy at the bottom of your list of access roles.
Note: You will have the option to change the name of this once clicking on it.
Step 5: Click on your duplicated role to open it, and then choose the appropriate access level for each module based on your requirements.
Step 6: Once you've configured the access levels, click 'Save' to secure your changes.
Step 7: Your custom access role will now appear in your list of access roles and will be ready for use across your clients.
6.2 - Create a Custom Client Access Role from Scratch
Watch our instructional video on creating custom access roles or, alternatively read the steps listed below.
Step 1: Click on your profile picture in the top right corner of the page and select 'MSP System Settings' from the dropdown menu.
Step 2: On the left-hand side of the screen, choose 'Client Access Roles' to navigate to the access role settings.
Step 3: Click on 'Add Access Role' to create a new role.
Step 4: Give your new access role a clear name and description, so you can easily identify it later.
Step 5: Choose the appropriate access levels for each module based on what you want the role to be able to access and do.
Step 6: Once you're happy with the settings, click 'Save' to finalize the role.
7.0 - Editing client access roles
The default client access roles in HighGround cannot be edited directly. If you need to make changes to one of these roles, the best approach is to duplicate the role and then modify the duplicate.
Custom client access roles, on the other hand, can be edited at any time. Just be aware that any changes you make will take effect immediately for all client users associated with that role.
To edit a client access role, follow these steps:
Step 1: Click on the client access role you want to edit. This will open the role, showing you all the current access levels associated with it.
Step 2: Make the necessary changes to the access levels or settings.
Step 3: Click 'Save' to apply your changes. The updated role will automatically be reflected across all clients using it.
By following these steps, you can easily manage and update custom access roles to fit your needs.
8.0 - Deleting Client Access Roles
The default client access roles in HighGround cannot be deleted.
Before you delete a custom client access role, you must first ensure that it is not actively in use by any client user.
To delete a client access role, follow these steps:
Step 1: Next to each client access role, you’ll see an ellipsis (three dots). Click on it, and you’ll be presented with three options: 'Duplicate', 'Edit', or 'Delete'.
Step 2: Click on 'Delete' to initiate the removal of the role.
Step 3: If the client access role is actively in use, a prompt will appear asking you to confirm that you want to delete it. If you're sure, click 'Yes', and the access role will be permanently deleted.
9.0 - Applying a client access role for a client user
To set a client user's access level, you’ll need to do this from the client’s Client Settings—not from your MSP System Settings where you’re creating the client access role. This ensures that the access level is applied specifically to the individual client user.
9.1 - Applying an access role to a client user
Note: You can apply more than one access role to a client, however where they clash on the same module the access role with the highest restriction level will be applied.
Watch our instructional video on applying access roles or, alternatively read the steps below.
Step 1: Begin by navigating to your dashboard.
Step 2: On the right-hand side, click the three dots and select 'Add Member' from the options.
Step 3: Choose the client you’d like to assign the access role to, or add a new client if necessary.
Step 4: Apply the appropriate access role(s) to the client, or create a custom role if needed, and then assign it.
(If you need information on how to create a client access role please go here.)
9.2 - Previewing a client users access
It can be useful to preview what permissions a client user will have in HighGround. You can do this by using the 'preview' feature from a client users account. Watch our instructional video on this or read the steps listed below.
Step 1: Go to your company Dashboard.
Step 2: Click on the three dots on the right hand side of the screen.
Step 3: Go to 'Add Member'.
Step 4: Select on the client who's access role you would like to preview.
Step 5: Scroll down on their page to where you see 'Access roles'.
Step 6: Click on 'Preview access'.
Note: You can not edit the access role here.