Defining effective user security roles provides you with an added layer of security within your VSA. User Roles define which modules and settings a user can access from the VSA console. While there is no “one size fits all” model, the concepts presented here will provide appropriate access for technicians, engineers, VSA admins, and VSA managers.
In our typical VSA implementation, we create four distinct access levels, and several sub-types for MSP employees, plus three roles for customer access. No user has Master role rights in our deployment configuration. These roles should have a “NOC” or “MSP” prefix to designate them as internal roles.
Level 0 – Support A role designed for support staff to access VSA for running reports, getting agent counts, or checking use and available licensing. No access to automation is available, but these users can view agents and have virtually unlimited access to the reporting functions.
Level 1 – Technician This role, which we name “NOC-1-Tech”, grants the ability to perform basic agent administration, view audit and other configuration settings, and access remote control features. This provides the ability to perform about 80% of what a technician would do on a daily basis for end-user support.
Level 2 – Administrator Named “NOC-2-Admin” in our system, it grants additional capabilities to run procedures, deploy AV and AM, and perform most agent configurations. Neither of the above roles permit changing the configuration of VSA-wide settings.
Level 5 – Specialist These roles grant VSA administration rights to specific features, distributing the administration tasks among multiple users. In our practice, we use the following specialist types:
- Security – provides the ability to perform all Auth Anvil configuration and management tasks.
- AV-Malware – grants access to administer the Antivirus and Malware components, including definition of profiles, policies, and assigning them to customers.
- Updating – allows administration of all Patch Management and Software Management components. It may also allow access to other application updating components.
- Backup – Allows configuration of all VSA settings related to backup operations.
- Manager – grants a combination of roles, usually assigned to the Dispatch, helpdesk or Technical Manager(s).
Implementing these security roles will allow for better security and organization within your VSA infrastructure. To learn more, schedule a demo for MSP Builder’s RMM Suite!