1.0 - Introduction
Client access roles allow you to control what your client can see and do in HighGround when they login to the client portal. If you want to control what your MSP employees can see and do, then you need to use Member Access Roles.
HighGround uses Role Based Access Control (RBAC), making it much easier for you to setup access using pre-defined permission levels for the majority of access requirements.
2.0 - Types of Client Access Roles
There are 2 different types of client access role:
Default: these are the pre-defined client access roles in HighGround and cover the most common access control scenarios you are likely to need.
Custom: these are client access roles that you create for your own specific use.
3.0 - Types of Access Levels
Client access roles are made up of a collection of access levels. These access levels are generic and will control access in differently within different parts of HighGround.
The following table details the standard access level types.
Access Level | Description |
No access | No access to the module or feature |
Restricted View | Can view summary details but cannot drilldown into any further data |
View | Can view summary and drilldown data |
Edit | Can view, edit and create data but cannot delete |
Full Access | Unrestricted access - can view, edit, create and delete data |
4.0 - Matrix of Access Levels <> Modules
There are different access levels available for different modules in HighGround, as detailed in the matrix below:
| No Access | Restricted View | View | Edit | Full Access |
Module |
|
|
|
|
|
Dashboard |
|
|
|
|
|
Assets |
|
|
|
|
|
Action Centre |
|
|
|
|
|
Technology Spend |
|
|
|
|
|
Governance & Resilience |
|
|
|
|
|
Security Packages |
|
|
|
|
|
Storefront |
|
|
|
|
|
Integrations |
|
|
|
|
|
System Settings |
|
|
|
|
|
User Management |
|
|
|
|
|
5.0 - Matrix of Access Levels for Default Client Access Roles
The following table details the access levels used for the default client access roles.
| Business Owner/ | Compliance/ | IT Manager | Global Administrator |
Module |
|
|
|
|
Dashboard | View | View | Edit | Edit |
Assets | No Access | View | Full Access | Full Access |
Action Centre | View | Full Access | Full Access | Full Access |
Technology Spend | View | View | Full Access | Full Access |
Governance & Resilience | View | Full Access | Full Access | Full Access |
Security Packages | Full Access | View | Full Access | Full Access |
Storefront | N/A | N/A | N/A | N/A |
Integrations | No Access | View | Full Access | Full Access |
System Settings | No Access | No Access | Full Access | Full Access |
User Management | No Access | No Access | Full Access | Full Access |
6.0 - Custom Access Roles
For custom access control requirements, you can create a custom access role using the pre-defined Access Levels.
There are 2 methods for creating a custom access role:
Duplicate existing: duplicate a default client access role or an existing custom client access role.
Create new: start from scratch by creating a new custom client access role.
The following sections explain how to perform these actions.
β
6.1 - Create a Custom Client Access Role by Duplicating an existing role
Watch our instructional video on duplicating roles or, alternatively read the steps listed below.
Step 1: Click on your profile picture located at the top right hand side of the page and select the 'MSP System Settings' option.
Step 2: Choose the 'Client Access Roles' option on the left hand side of the screen.
Step 3: Go to the pre-existing access roles and select the one you would like to duplicate
Step 4: Once you have duplicated the role you will see it at the bottom of your list.
Note: You will have the option to change the name of this once clicking on it.
Step 5: You can now click on your duplicated role and chose an access level for each module.
Step 6: Once this is done click 'save'.
Step 7: Your custom access role will now be shown in your list of access roles and is available to use.
6.2 - Create a Custom Client Access Role from Scratch
Watch our instructional video on creating custom access roles or, alternatively read the steps listed below.
Step 1: Click on your profile picture located at the top right hand side of the page and select the 'MSP System Settings' option.
Step 2: Choose the 'Client Access Roles' option on the left hand side of the screen.
Step 3: Click on 'Add access roles'.
Step 4: Give your access role a name and description.
Step 5: Determine what access levels you want for each module.
Step 6: Click 'Save'.
7.0 - Editing client access roles
The default client access roles in HighGround cannot be edited. If you need to edit them then you should duplicate them.
You can edit custom client access roles at any time, however please be aware that the changes will take effect immediately for all client users who are associated with the client access role.
To edit a client access role, follow these steps.
Step 1: Click on the client access role you want to make changes to, This will bring up
your client access role and all access levels.
Step 2: Select the changes you would like to make.
Step 3: Click 'save' and your access role will be automatically updated.
8.0 - Deleting Client Access Roles
The default client access roles in HighGround cannot be deleted.
Before you delete a custom client access role, you must first ensure that it is not actively in use by any client user.
To delete a client access role, follow these steps:
Step 1: Beside each of the client access roles there will be an ellipses, click this and you will see three options: 'Duplicate' 'Edit' or 'Delete'.
Step 2: Click on Delete.
Step 3: If your client access role is being actively used you will see a prompt to make sure you definitely want to delete this, If this is still the case then click 'yes' and your access role will be deleted.
β
9.0 - Applying a client access role for a client user
To set a client users access level, you must do this in the Clients 'Client Settings' (i.e. you cannot do this from your MSP System Settings where you are creating the client access role).
9.1 - Applying an access role to a client user
Note: You can apply more than one access role to a client, however where they clash on the same module the access role with the highest restriction level will be applied.
Watch our instructional video on applying access roles or, alternatively read the steps below.
Step 1: Start by going on to your dashboard.
Step 2: By clicking the three dots on the right hand side go to 'add member'.
Step 3: Pick or add the client you would like to add the access role to.
Step 4: Apply the access role/roles to the client or create the role you would like then add.
(If you need information on how to create a client access role please go here.)
9.2 - Previewing a client users access
It can be useful to preview what permissions a client user will have in HighGround. You can do this by using the 'preview' feature from a client users account. Watch our instructional video on this or read the steps listed below.
Step 1: Go to your company Dashboard.
Step 2: Click on the three dots on the right hand side of the screen.
Step 3: Go to 'Add Member'.
Step 4: Select on the client who's access role you would like to preview.
Step 5: Scroll down on their page to where you see 'Access roles'.
Step 6: Click on 'Preview access'.
Note: You can not edit the access role here.