Managing MSP roles and permissions

Managed Service Provider (MSP) admin users are assigned roles that reflect their abilities at the channel and descendant workspace levels. Granular permissions are assigned to each role.

Coro has three predefined roles, which can’t be edited or deleted, but can be duplicated:

  • MSP Viewer : Can view content.
  • MSP Administrator : Can view and edit content.
  • MSP Super admin : Can view and edit content. Additionally, MSP super admins can reassign roles to MSP admin users and admin users.
note

You can’t remove the last MSP super admin of a channel.

Permissions are categorized into the following options:

  • No Access : The MSP admin user cannot see or interact with the section.
  • Can View : The MSP admin user can see the section but cannot make changes.
  • Can Edit : The MSP admin user can view and make changes to the section.

The different sections are as follows:

Group Section Description
MSP Permissions MSP Management Set permissions for the Workspaces section in global view (MSP Portal), the MSP admin users, MSP roles, and workspace labels sections.
All Lists Set permissions for the global devices and protected users sections, as well as the devices and protected users sections of descendant workspaces.
All Tickets Set permissions for the global ticket log and Actionboard, as well as the ticket logs and Actionboards of descendant workspaces.
Descendant workspace permissions Management Set permissions for the workspace section of the Control Panel in descendant workspaces.
Protection Set permissions for enabled modules in the Control Panel in descendant workspaces. If a new module is enabled, custom and Viewer roles receive Can view permissions. Editor and Super admin roles receive Can edit permissions, and can change the permissions for other roles.

To access MSP Roles:

  1. Sign in to the Coro console .
  2. Select Global view from the top of the console:

    Global view toggle

  3. From the sidebar, select control panel icon to access Global Settings :

    Global settings

  4. Select Access Control .
  5. Select MSP roles :

    MSP roles tab

    Coro displays the MSP roles page.

    This page shows:

    • All predefined and custom MSP roles, and a dropdown menu that shows the detailed permissions of each role.
    • The number of MSP admin users assigned to each role.
    • The channel workspace for which the role is created, for custom roles.
    • An option to add custom roles .
    • an actions menu to manage each role .

Adding a custom role

Coro offers predefined roles for most scenarios, in addition to the option to create custom roles with specific permissions. This allows MSP admin users to have precise access and responsibilities in their channel workspace and any descendant workspaces.

To add a custom role:

  1. Select + ADD MSP ROLE from the top right:

    Add role button

    Coro displays the Add MSP role dialog:

    Add role

  2. Select a channel workspace to which you want to add the role.
  3. Enter a name for the role.
  4. Select the desired permissions for the role:
Section Description Permissions
MSP management Set permissions for the Workspaces section in global view (MSP Portal), the MSP admin users, MSP roles, and workspace labels sections. No access, Can view, Can edit

For the Workspaces (MSP portal) section, edit options include:
  • Edit workspace details
  • Start subscription
  • Stop subscription
  • Edit subscription
  • Create child workspace
  • Create channel workspace
  • Archive workspace
  • Generate MSP export
  • Generate MSP summary report
  • Export MSP notifications
For the MSP admin users section, edit options include:
  • Add MSP admin users
  • Remove MSP admin users
For the MSP roles section, edit options include:
  • Add/duplicate MSP roles
  • Edit MSP roles
  • Remove MSP roles
All views Set permissions for the global devices and protected users sections, as well as the devices and protected users sections of descendant workspaces. No access, Can view, Can edit
All tickets Set permissions for the global ticket log and Actionboard, as well as the ticket logs and Actionboards of descendant workspaces. No access, Can view, Can edit

Edit options include:
  • Low impact actions
  • Medium impact actions
  • Critical impact action
  • Comment on tickets
Management Set permissions for the workspace section of the Control Panel. No access, Can view, Can edit

For the Admin users tab, edit options include:
  • Add
  • Edit
  • Remove
  • Manage Content Permissions
  • Delete 2FA data
Protection Set permissions for enabled modules in the Control Panel.

If a new module is enabled, custom and Viewer roles receive Can view permissions.

Editor and Super admin roles receive Can edit permissions, and can change the permissions for other roles.		 No access, Can view, Can edit
  1. Select SAVE .

    Coro creates the MSP role and MSP admin users can be assigned the role.

Managing custom roles

MSP admin users with sufficient permissions can manage custom roles. This includes editing, deleting, and duplicating the role. These actions can be taken from the three-dot menu next to the relevant role:

MSP roles manage

Editing roles

MSP admin users can edit roles to change their name and permissions.

Duplicating roles

MSP admin users can duplicate roles. When duplicating a role, the new role inherits the permissions of the original role, which can then be edited.

Deleting Roles

MSP admin users can delete roles. You can’t delete a role that has MSP admin users currently assigned to it. Assign other roles to those users before deleting the role. MSP super admins can assign a new role from the MSP admin users tab.