1.0 - Introduction
Member access roles allow for each of your MSP employees to have their own role allowing them access to different things at different levels. If you want to control your clients access roles, then you need to use client access roles.
HighGround uses Role Based Access Control (RBAC), making it much easier for you to setup accessing pre-defined permission levels for the majority of access requirements.
2.0 - Types of Member Access Roles
There are 2 different types of member access roles:
Default: these are pre-defined member access roles within HighGround and cover the most common access scenarios you are likely to require.
Custom: these are member access roles created by you to meet specific needs.
3.0 Types of Access Levels
Member access roles are made up of a collection of access levels. The access levels are generic and will control access differently within different parts of HighGround.
The following table details the standard access level types.
Access Level | Description |
No Access | No access to the module or feature |
Restricted View | Can view summary details but cannot drilldown into any further data |
View | Can view summary details and drilldown data |
Edit | Can view, edit, and create data but cannot delete |
Full Access | Unrestricted access - can view, edit, create and delete data |
3.1 Permissions for member access roles
When it comes to member access roles permissions are granted under 3 separate sections:
MSP modules - These are the msp features such as Companies, Integrations, Sell, Security Stack, SecOps etc.
Client management - This is what you allow members to be able to see within the clients profile.
Own organisation - This is what your members can see in your own MSP's profile.
4.0 Matrix of access levels <> modules
There are different access levels available for different modules in HighGround, as detailed in the matrix below.
4.1 Default member access roles for MSP modules
| No Access | Restricted View | View | Edit | Full Access |
Module |
|
|
|
|
|
MSP Security Stack |
|
|
|
|
|
SecOps |
|
|
|
|
|
MSP Sell |
|
|
|
|
|
MSP Action Centre |
|
|
|
|
|
MSP Integrations |
|
|
|
|
|
PSA Integrations |
|
|
|
|
|
MSP System Settings |
|
|
|
|
|
MSP User Management |
|
|
|
|
|
4.2 Client Management
| No Access | Restricted View | View | Edit | Full Access |
Module |
|
|
|
|
|
Dashboard |
|
|
|
|
|
Assets |
|
|
|
|
|
Action Centre |
|
|
|
|
|
Technology Spend |
|
|
|
|
|
Governance & Resilience |
|
|
|
|
|
Security Packages |
|
|
|
|
|
Integrations |
|
|
|
|
|
System Settings |
|
|
|
|
|
User Management |
|
|
|
|
|
4.3 Own Organisation
| No Access | Restricted View | View | Edit | Full Access |
Module |
|
|
|
|
|
Technology Spend |
|
|
|
|
|
Dashboard |
|
|
|
|
|
Assets |
|
|
|
|
|
Action Centre |
|
|
|
|
|
Governance & Resilience |
|
|
|
|
|
Integrations |
|
|
|
|
|
Security Packages |
|
|
|
|
|
System Settings |
|
|
|
|
|
User Management |
|
|
|
|
|
5.0 - Matrix of access levels for default member access roles
The following tables detail the access levels used for each section of the default member access roles.
5.1 - MSP modules
| Global Administrator | Sales Advisor | Account Manager | Security Engineer | Senior Security Engineer |
Module |
|
|
|
|
|
MSP Security Stack | Full access | View | Full Access | Full Access | Full Access |
SecOps | Full Access | No Access | View | Full Access | Full Access |
MSP Sell | Full Access | View | Full Access | View | Full Access |
MSP Action Centre | Full Access | No Access | View | View | Full Access |
MSP Integrations | Full Access | No Access | No Access | Full Access | Full Access |
PSA Integrations | Full Access | No Access | No Access | View | Full Access |
MSP System Settings | Full Access | No Access | No Access | No Access | Full Access |
MSP User Management | Full Access | No Access | No Access | View | Full Access |
5.2 - Client Management
| Global Administrator | Sales Advisor | Accounts Manager | Security Engineer | Senior Security Engineer |
Modules |
|
|
|
|
|
Clients | Full Access | View | Full Access | Edit | Full Access |
Client User Management | Full Access | No Access | Full Access | Full Access | Full Access |
Technology Spend | Full Access | View | Full Access | Full Access | Full Access |
Assets | Full Access | No Access | View | Full Access | Full Access |
Action Centre | Full Access | No Access | Full Access | Full Access | Full Access |
Governance & Resilience | Full Access | View | Full Access | Full Access | Full Access |
Integrations | Full Access | No Access | View | Full Access | Full Access |
Security Packages | Full Access | Full Access | Full Access | Full Access | Full Access |
System Settings | Full Access | No Access | View | Full Access | Full Access |
Dashboard | Edit | View | View | Edit | Edit |
5.3 - Own Organisation
| Global administrator | Sales Advisor | Accounts Manager | Security Engineer | Senior Security Engineer |
Module |
|
|
|
|
|
Own Organisation | Full Access | Full Access | Full Access | Full Access | Full Access |
Technology Spend | Full Access | View | View | View | Full Access |
Dashboard | Edit | View | View | View | Edit |
Assets | Full Access | No Access | View | Full Access | Full Access |
Action Centre | Full Access | No Access | Full Access | Full Access | Full Access |
Governance & Resilience | Full Access | View | Full Access | Full Access | Full Access |
Integrations | Full Access | No Access | View | Full Access | Full Access |
Security Packages | Full Access | Full Access | Full Access | Full Access | Full Access |
System Settings | Full Access | No Access | View | Full Access | Full Access |
User Management | Full Access | No Access | View | Full Access | Full Access |
6.0 - Custom member access roles
For custom access control requirements, you can create a custom access role using the default access levels.
There are 2 methods for creating a custom access role:
Duplicating: Duplicate a default member access role or an existing custom role.
Create: start from scratch by creating a new custom member access role.
The following section explains how to perform these actions.
6.1 - Create a custom member access role by Duplicating
Watch our instructional video on duplicating roles or, alternatively read the steps listed below.
Step 1: By clicking on your profile picture go to 'MSP System settings'.
Step 2: Go to 'Members and access' on the left hand side of your screen.
Step 3: Click on 'Access Roles'
Step 4: Find the role you would like to duplicate and click on its ellipses.
Note: You will have the option to change the name of this once clicking on it.
Step 5: Your duplicated role will be shown at the bottom of the list, you can now make changes.
Step 6: Click save and your custom access role will be automatically updated.
6.2 - Create a custom member access role from scratch
Watch our instructional video on creating custom roles or, alternatively read the steps listed below.
Step 1: By clicking on your profile picture go to 'MSP System Settings'
Step 2: Go to 'Members and access' on the left hand side of your screen.
Step 3: Click on 'Access Roles'.
Step 4: Select the 'Add Access Roles' button
Step 5: Give your access role a name & description and edit it how you require.
Step 6: Click save and your access role will be automatically added to the bottom of your member access roles list.
7.0 - Editing member access roles
The default member access roles in HighGround can not be edited. If you need to edit them you should duplicate them.
You can edit custom member roles at any time, however please be aware that the changes will take effect immediately for all member users who are associated with the member access role.
To edit a member access role please follow these steps.
Step 1: By clicking your profile picture, go to 'MSP System Settings'.
Step 2: Go to 'Members and access'.
Step 3: Select the member access role you would like to make changes to.
Step 4: Select the changes you would like to make.
Step 5: Press 'save' and your access role will be automatically updated.
8.0 - Deleting member access roles
The default member access roles in HighGround can not be deleted.
Before deleting a custom access role, you must first ensure that it is not actively in use by any client user.
To delete a member access role, follow these steps.
Step 1: By clicking your profile picture go to 'MSP System Settings'.
Step 2: Go to 'Members and access'.
Step 3: Select the ellipses on the access role you would like to delete.
Step 4: From the three options - 'duplicate' 'edit' and 'delete' choose delete.
Step 5: If your member access role is in active use by a member you will see a prompt, if you are still sure you would like to delete this role, press delete.
9.0 - Applying a member access role to a MSP employee
Note: You can apply more than one access role to a member, however where they clash on the same module the access role with the highest restriction level will be applied.
Step 1: Select your profile picture and click on 'MSP System Settings'
Step 2: Select 'Members and access'
Step 3: Select the member you would like to apply an access role to.
Step 4: By clicking the 'select' drop down beside their name, your list of access roles will drop down.
Step 5: Select the access role you would like to apply.
9.1 - Previewing a members access
It can be useful to preview what permissions a member will have in HighGround. You can do this by using the 'preview' feature from an MSP employees account. Watch our instructional vide on this or, read the steps listed below.
Note: You can not edit the access role here.
Step 1: From your dashboard, click your profile picture.
Step 2: Select 'MSP System Settings'.
Step 3: Go to 'Members and access'.
Step 4: Select the member you would like to preview and click their profile picture.
Step 5: Scroll to where you see ' Access roles'
Step 6: Click 'Preview access'.