We patched our Kaseya server over the weekend, and installed the new Software Management module.
It appears that by default, every User Role gets full permissions by default to a new module. This does not seem right to me.
I have had to edit most user roles this morning and remove permissions for the new module.
I would have expected that any new features and settings would need to be explicitly ADDED to a role...
Anyone else noticed this?
Good catch, I didn't even think to check this after we added Software Management this week. Yes, all my roles also have full access to Software Management.
Hi Jo Bowers, Corey Crossman, Buster Davis,
I have complained about this for a long time and have contacted support who have checked and advised that this crazy practice is by design.
I do have an open feature request for this, so please feel free to upvote it!
It has been this way as long as I can remember. We have about 10 different roles defined and it's an annoying and needless undertaking to have to manually remove access from almost all of them every time a new module gets installed.
For a company that prides itself on security, Kaseya really ought to think more about 'least privilege' - en.wikipedia.org/.../Principle_of_least_privilege
Combo, I 100% agree. We have hundreds of roles configured and it takes us forever each time a change happens. It's an absolute PITA. I too have pointed out the least privilege principle, as working any other way makes no sense, but this is apparently "by design".