Kaseya Community

All User Roles get full permissions to new modules by default - this is backwards

  • We patched our Kaseya server over the weekend, and installed the new Software Management module.

    It appears that by default, every User Role gets full permissions by default to a new module.  This does not seem right to me.  

    I have had to edit most user roles this morning and remove permissions for the new module.

    I would have expected that any new features and settings would need to be explicitly ADDED to a role.......

    Anyone else noticed this?

  • Good catch, I didn't even think to check this after we added Software Management this week.  Yes, all my roles also have full access to Software Management.

  • I have noticed the same thing. As well as user roles changing. I think they need to fix it so it does not change
  • Hi , , ,

    I have complained about this for a long time and have contacted support who have checked and advised that this crazy practice is by design.

    I do have an open feature request for this, so please feel free to upvote it!

    helpdesk.kaseya.com/.../115000863792-Do-not-automatically-enable-features-in-user-roles-following-an-upgrade-or-patch

  • +1

    It has been this way as long as I can remember. We have about 10 different roles defined and it's an annoying and needless undertaking to have to manually remove access from almost all of them every time a new module gets installed.

    For a company that prides itself on security Kaseya really ought to think more about 'least privilege' - en.wikipedia.org/.../Principle_of_least_privilege

  • I 100% agree. We have hundreds of roles configured and it take us forever each time a change happens. It's an absolute PITA. I too have pointed out the least privilege principal as working any other way makes no sense, but this is apparently "by design".