Managing MSP roles and permissions
Managed Service Provider (MSP) admin users are assigned roles that reflect their abilities at the MSP and descendant workspace levels. Granular permissions are assigned to each role.
Coro has three predefined roles, which can’t be edited or deleted, but can be duplicated:
- MSP Viewer : Can view content.
- MSP Administrator : Can view and edit content.
- MSP Super admin : Can view and edit content. Additionally, MSP super admins can reassign roles to MSP admin users and admin users.
note
You can’t remove the last MSP super admin of a channel.
Permissions are categorized into the following options:
- No Access : The MSP admin user cannot see or interact with the section.
- Can View : The MSP admin user can see the section but cannot make changes.
- Can Edit : The MSP admin user can view and make changes to the section.
The different sections are as follows:
Section | Description |
---|---|
MSP management | Set permissions for the Manage Workspaces section. |
Management | Set permissions for the workspace section of the Control Panel. |
Views | Set permissions for the users and devices sections from the toolbar. |
Protection | Set permissions for enabled modules in the Control Panel. If a new module is enabled, custom and Viewer roles receive Can view permissions. Editor and Super admin roles receive Can edit permissions, and can change the permissions for other roles. |
Tickets | Set permissions for items related to tickets in the Ticket log and Actionboard. |
To access MSP Roles:
- Sign into the Coro console .
-
Select
Manage Workspaces
from the toolbar:
The Manage Workspaces portal appears:
-
Select
MSP roles
:
The MSP roles screen appears:
This screen shows:
- All predefined and custom MSP roles, and a dropdown menu that shows the detailed permissions of that role
- The number of MSP admin users assigned to each role
- The channel workspace for which the role is created, for custom roles
- An option to add custom roles
- an actions menu to manage each role
Adding a custom role
Coro offers predefined roles for most scenarios, in addition to the option to create custom roles with specific permissions. This allows MSP admin users to have precise access and responsibilities in their channel workspace and any descendant workspaces.
To add a custom role:
-
Select
+ ADD MSP ROLE
from the top right:
The Add MSP role dialog appears:
- Select a channel workspace to which you want to add the role.
- Enter a name for the role.
- Select the desired permissions for the role:
Section | Description | Permissions |
---|---|---|
MSP management | Set permissions for the Manage Workspaces page. | No access, Can view, Can edit For the Workspaces tab, edit options include:
|
Management | Set permissions for the workspace section of the Control Panel. | No access, Can view, Can edit For the Admin users tab, edit options include:
|
Views | Set permissions for the users and devices sections from the toolbar. | No access, Can view, Can edit |
Protection | Set permissions for enabled modules in the Control Panel. If a new module is enabled, custom and Viewer roles receive Can view permissions. Editor and Super admin roles receive Can edit permissions, and can change the permissions for other roles. |
No access, Can view, Can edit |
Tickets | Set permissions for items related to tickets in the Ticket log and Actionboard. | No access, Can view, Can edit Edit options include:
|
-
Select
SAVE
.
The MSP role is created and MSP admin users can be assigned the role.
Managing custom roles
MSP admin users with sufficient permissions can manage custom roles. This includes editing, deleting, and duplicating the role. These actions can be taken from the three-dot menu next to the relevant role:
Editing roles
Roles can be edited to change their name and permissions.
Duplicating roles
Roles can be duplicated. When duplicating a role, the new role inherits the permissions of the original role, which can then be edited.
Deleting Roles
Roles can be deleted. You can’t delete a role that has MSP admin users currently assigned to it. Assign other roles to those users before deleting the role. MSP super admins can assign a new role from the MSP admin users tab.