About roles and permissions
There are six types of user roles available, each with their own permission levels for available actions. The roles are specified on the Create/Edit User screen.
Administrator — Users with this permission level control the highest-level security and account settings and have access to all IT Glue data. We recommend that most teams have only a couple of Administrators. The first user to start a new account is given an Administrator role. Administrators added subsequently can change the role of the first user if needed.
Manager — Managers can manage users and handle most administrative tasks, plus create, edit, and delete data within the organizations that they have permission to access. Certain destructive actions (i.e. permanently deleting data) are permitted.
Editor — Editors can create, edit, and delete data within the organizations that they have permission to access, plus set asset permissions, controlling which other users have access to that asset.
Creator — Creators can create and edit data within the organizations that they have permission to access, plus set asset permissions, controlling which other users have access to that asset.
Read-only — Users with this permission level can only view data within the organizations that they have permission to access. This role is read-only.
Lite — Users with this permission level can only view data within the organizations that they have permission to access. This role is read-only and is only allowed access to up to five organizations/sub-organizations. This role is ideal for clients you invite to your account.
For reference, the table below summarizes the different permission levels:
Comparing Manager and Administrator roles
Here's a quick overview of the Manager and Administrator roles.
Managers
Managers can perform these administrative actions in the account:
- Update billing
- Invite/edit/remove users (except Administrator roles)
- Manage user groups (except groups that they are not a member of)
- Create/edit/delete flexible asset templates
- Edit the organizational sidebar
- Enable integrations and features
- Access sync settings and data management screens associated with PSA and RMM integrations
- View detailed activity logs
- Import data (requires access to all organizations)
Administrators
Administrators have all the same administrative rights and permissions as Managers but with the following additions:
- Turn on enforced multi-factor authentication (MFA) for all users
- Turn on single-sign on (SSO) for all users
- Reset MFA for users
- Generate API keys for IT Glue API and Warranty Master API
- Configure GlueConnect
- View and share the Passwords Accessed report
- Export IT Glue data
- Full visibility to all IT Glue data; an all-access pass to the account (regardless of access settings)
Because the Manager and Administrator roles are highly privileged, enabling multi-factor authentication to increase the level of security is strongly recommended.