Custom Roles
With custom roles, Administrators define their own custom IT Glue roles based on their business processes and needs. Custom roles can be granted permissions to administer key features in IT Glue without having full administrative access across all features.
Currently, this feature allows for the creation of roles with the additional permission of Network Glue administration and MyGlue administration.
You need to have the Network Glue add-on or MyGlue add-on to use this feature.
Overview
To create and manage the Custom Roles, go to Admin > Roles.
Expand the Default Roles table if you wish to see default IT Glue roles and their permissions.
To create a new custom role, click + Add Role on the Custom table.
Enter a unique name for your custom role, check Remove IT Glue data if you would like this role to delete data in IT Glue*, choose additional permissions and click Save. You can select multiple additional permissions as more become available.
*This does not include the ability to delete Network Glue networks
NOTE A role without the ability to remove IT Glue data is equivalent to a default IT Glue Creator role, while a role with the ability to delete data is equivalent to an Editor role. If you do not grant your custom role any additional permissions you will have a copy of the Creator or Editor role.
To assign your custom role to a user:
- Navigate to Admin > Users, select a user and click Edit.
- Select Custom role radio button under the user's Role section.
- Select your custom role from the drop-down.
You can edit or delete custom roles at any time. Please remember to click Save to register your changes. If you edit a custom role, any users assigned to that role will instantly have their privileges updated.
If you delete a custom role with users, you will be shown a warning message with the list of the assigned users. If this custom role is deleted, any assigned users will automatically receive base roles of Creator or Editor, depending on whether the custom role had permission to remove IT Glue data.
There is a new activity log entry anytime a Custom Role is created or updated.
Network Glue Administration
Users with a custom role having Network Glue permissions assigned should be able to:
-
- Access the Account tab with the Network Glue section only
- Access Networks within the Organizations that user has access to
- Perform all standard Network Glue administration capability except the ability to delete Networks:
- on Account > Network Glue
- on Account > Network Glue > [Network name]
- Create or edit Network Glue collectors
- Match Network Glue devices and contacts
- Access the Account tab with the Network Glue section only
IMPORTANT
- A custom role with the Network Glue permissions will have access to Active Directory credentials.
- If an account cancels the Network Glue add-on:
- Network Glue will no longer be an available permission for custom roles.
- Previously created roles having the Network Glue permission will show it greyed out. The permissions can still be deselected from the custom role.
- If Network Glue is added back, any custom roles which had the permission will resume having it.
MyGlue Administration
Users assigned to a custom role with the MyGlue Administration permission can view and edit MyGlue Users, Groups and Accounts, without the ability to delete any data.
Users Tab
A user assigned to a custom role with the MyGlue administration permission can:
- View and edit MyGlue users belonging to organizations to which he has access
- Access usage logs
- Invite new users to MyGlue accounts that are attached to the organizations to which he has access
- Edit MyGlue users including resetting their MFA, but not change the user’s type to IT Glue.
A user assigned to a custom role with the MyGlue administration permission cannot delete any MyGlue user data, including from the edit mode of the user page.
Group Tab
A user assigned to a custom role with the MyGlue administration permission can:
- Access MyGlue groups for all organizations to which he has access
- Create MyGlue groups
Note: User does not automatically become a member of the MyGlue group which he created. - See and edit asset type restrictions of assets to which he himself has access.
MyGlue Tab
A user assigned to a custom role with the MyGlue administration permission can:
- Create MyGlue accounts but cannot delete them
- Edit a MyGlue account if he has access to all the organizations assigned to that account
- Turn on the MFA for a MyGlue account.
IT Glue Administrators and Managers with access to all organizations can create, edit and delete MyGlue accounts, users, and groups.
NOTE Groups permissions trump Custom Role permissions. If a user has a custom role with MyGlue permissions and is in a group that restricts access to certain assets, he will not be able to apply asset restrictions for these same assets to any MyGlue users or groups.
IT Glue Managers and MyGlue Administration
IT Glue Managers will retain their existing privileges to MyGlue Administration. A manager can view:
- MyGlue groups where he is a member without seeing any asset restrictions
- MyGlue groups where he has access to all organizations.
- A manager with access to all organizations will also see asset type restrictions for the assets which he has access to.
IT Glue managers who don’t have access to all organizations of a certain MyGlue group can see that the group exists but cannot click into it to view the details.